The Study Purpose Was to Determine the Feasibility of Standardizing and Automating FMEA Techniques for Electronics and to Develop Such Techniques

AUTOMATED FMEA TECHNIQUES

Phase I


• Assess the feasibility of developing a standardized FMEA technique for electronic
equipment

• Determine the amount and type of automation which is both feasible and cost-effective


Phase  II 

•  Standardize  FMEA  technique  for  electronic  equipment  where  possible 

• Automate the standardized FMEA technique to the maximum extent possible
consistent with cost-effectiveness

•  Assess  the  feasibility  of  characterizing  the  external  terminal  failure  signatures  of 
complex,  multi-terminal  electronic  devices 


The  Automated  FMEA  Techniques  study  was  performed  in  two  phases. 

The  purpose  of  Phase  I  was  to  assess  the  need  for  and  feasibility  of  developing  a 
standardized  FMEA  technique  for  electronic  equipment.  The  feasibility  of  developing 
the  standardized  technique  was  assessed  on  the  basis  of  a  detailed  examination  of 
existing  techniques  for  weak  or  void  areas  and  an  analysis  of  the  information  which 
would  have  to  be  developed  to  support  a  standardized  technique.  The  feasibility  of 
automating the standardized technique was assessed with respect to the use of existing
automation  tools,  the  development  of  a  totally  new  automated  tool,  and  the 
development  of  a  hybrid  package  which  embodied  all  or  part  of  an  existing  tool  within 
the  automation  package.  The  desirability  of  an  automation  package  was  assessed  with 
respect  to  providing  greater  levels  of  detail  for  a  fixed  level  of  effort,  reducing  the 
overall  analysis  cost,  and  increasing  the  usability  of  the  analysis  by  the  multiple 
specialty  engineering  disciplines  which  could  potentially  extract  data  from  an  FMEA. 

The  purpose  of  Phase  II  was  to  develop  a  standardized  FMEA  technique  for 
electronic  equipment.  The  standard  technique  was  to  be  based  on  existing  techniques, 
if  possible,  and  was  to  resolve  any  weak  or  void  areas.  The  standard  technique  was  to 
be  automated  to  the  maximum  extent  practical,  consistent  with  the  performance  of  a 
cost-effective FMEA. The developed automation, whether a totally new package or a
combination of existing automation tools and some newly developed automation, was to
be user friendly, transportable, and supportive of existing FMEA requirements.
Additionally,  the  feasibility  of  characterizing  the  failure  signatures  of  complex 
microelectronic  devices,  which  are  observable  at  the  external  terminals,  was  to  be 
investigated  and  the  characterization  included  in  the  standardized  FMEA,  if  possible. 


Phase I Determined the Feasibility of Developing and Automating a Standardized FMEA Technique and Its Appropriate Limitations
STUDY  TASK 


•  Assess  the  FMEA  specifications  and 
standards  currently  in  use  for  FMEA 

•  Review  the  technical  literature  on 
FMEA 


•  Survey  the  technical  community  to 
assess  the  availability  and  existence 
of  proprietary  and  non  proprietary 
tools  and  techniques 

•  Survey  the  commercial  marketplace 
for  existing  analysis  programs  which 
can  be  used  to  perform  or  support 
FMEA 


RESULTS 


-  FMEA  specifications  and  standards  define  the  analysis 
and  provide  a  contractual  baseline  for  deliverable  data 

- Except for G.L. Barbour’s matrix technique, there has
been  very  little  development  of  new  FMEA 
methodology 

-  There  is  no  recognized  single  source  for  component 
failure  modes 

-  The  amount  of  computerization  accomplished  by 
individual  companies  is  small  and  limited  to  some 
clerical  assistance  to  the  engineer  performing  the 
analysis 

-  Commercially  available  computer  programs  are 
intended  for  circuit  analysis  and  are  limited  in  FMEA 
applicability 

- Commercially available programs are large, expensive,
and difficult or impossible to integrate and modify
for FMEA requirements


The approach used in determining the feasibility of developing a standardized,
automated FMEA technique was to initially determine the relevant strengths and
weaknesses of existing techniques and to examine the feasibility of strengthening any
identified weak areas. An assessment was then made of the availability of
sources of information required for FMEA but not readily available within the
electronics industry. This included relevant military and industrial
standards,  technical  literature  on  FMEA,  and  a  direct  survey  of  the  technical 
community.  In  addition,  an  examination  was  made  of  automated  tools  which  are 
currently  available  and  potentially  usable  for  FMEA  purposes. 

The  standards  and  literature  reviewed  were  limited  to  material  published  within 
the  last  ten  years  and  to  the  latest  revision  of  standards  available.  It  was  found  that 
the  specifications  and  standards  are  adequate  for  their  intended  purpose.  They  uniquely 
define  the  intended  analysis  and  form  a  contractual  basis  for  delivery  of  the  FMEA. 

The  technical  literature  revealed  only  one  significant  new  technique  within  the  FMEA 
technology, the matrix technique developed by G.L. Barbour and published in 1977.

The  industry  survey  revealed  that  very  little  FMEA  computerization  has  been 
accomplished and what is available is clerical in nature. The survey of available
automated  tools  found  that  most  design  analysis  programs  had  major  limitations  with 
respect  to  FMEA  purposes.  The  one  clerical  FMEA  program  identified  is  expensive  and 
requires  specialized  user  training. 

No  industry-recognized  source  for  component  failure  modes  and  the  frequency  of 
their  occurrence  was  found.  This  information  is  required  if  numerically  accurate 
piece-part criticality assessment is to be performed.

SECTION 1 - EXECUTIVE SUMMARY
1.3  Phase  I  Conclusions 


Phase I Concluded that a Standardized, Automated FMEA Technique Using the Matrix Method is Both Needed and Feasible

•  The  current  FMEA  standards  and  specifications  are  adequate  for  their  intended 
purpose  but  do  not  provide  a  standardized  FMEA  technique 


•  Standardization  of  FMEA  techniques  is  feasible  and  should  be  based  on  an 
expansion  of  the  matrix  technique 


•  Automation  of  circuit  analysis  for  direct  FMEA  use  is  not  feasible 


•  Automation  of  the  effects  analysis  functions  is  feasible  and  cost-effective 


•  A  compilation  of  component  failure  mode  data  is  desirable  if  it  can  be  obtained 
cost-effectively 



The matrix FMEA technique is the most promising methodology for
standardization. It provides a significant reduction in clerical labor compared to the
MIL-STD-1629A tabular format, increases readability, and allows information to be
readily  extracted.  Its  primary  limitation  is  its  inability  to  contain  commentary 
material. 

The  development  of  a  standardized  technique  was  determined  to  be  feasible  in 
terms  of  depth  of  analysis,  program  phasing,  presentation  format,  and  usability  of 
results.  The  standardization  of  electronic  circuit  analysis,  similar  to  that  imposed  for 
reliability  predictions  by  MIL-HDBK-217,  was  not  considered  feasible. 

An  automation  tool  to  perform  circuit  analysis  and  provide  an  FMEA  based  on 
that  analysis  is  not  considered  feasible.  Large  circuit  emulation  programs  are  limited 
in  types  and  size  of  circuits  analyzed  and  are  structured  to  produce  an  output  in  terms 
of  signal  parameters  at  a  specific  nodal  point.  They  require  the  circuit  design 
engineer’s  interpretation  of  the  effects  in  every  case. 

An automation tool to reduce the clerical effort required for an FMEA is
feasible.  The  several  proprietary  programs  in  existence  are  limited  in  scope.  The  one 
commercially  available  program  for  clerical  workload  reduction  is  fairly  expensive  and 
requires  a  training  course. 

A compilation of component failure modes for FMEA usage is needed for accurate
criticality  analysis.  There  may  be  adequate  compiled  failure  records  and  studies 
available  within  the  electronics  industry  to  allow  a  centralized  source  to  be  developed 
for  components  which  have  been  in  use  for  many  years.  These  data  compilations  should 
be  investigated  to  determine  the  approximate  component  failure  modes  and  their 
associated rates.

SECTION 1 - EXECUTIVE SUMMARY
1.4  Phase  II  Activity 


The  Phase  II  study  tasks  were  undertaken  to  provide  a  standardized  technique  for 
performing  FMEAs  of  electronic  equipment  which  would  provide  maximum  usability  of 
results  while  minimizing  the  effort  required.  The  resulting  advanced  matrix  technique 
is a significant extension of G. Barbour's original matrix methodology. The technique
has been extended to allow the methodology to be used for the entire analysis rather
than as a supplement to tabular methods. Also, the extraction of maintenance-related
information  from  the  matrix  format  FMEA  has  been  improved  and  rigidly  defined. 

The  automation  tool  which  accompanies  the  advanced  matrix  technique  FMEA  is  a 
flexible,  user-friendly  integration  of  the  technique  with  the  analysis  environment.  The 
program  has  been  deliberately  designed  to  ensure  ease  of  use  where  constant  change  is 
a  normal  part  of  the  design  process.  The  analyst  is  expected  to  interact  with  the 
computer  aid  directly  while  performing  the  analysis.  The  computer  directs  the 
information  entry  through  the  use  of  a  full  screen  interactive  approach. 

The Phase I survey of the technical community was extended in Phase II to include
a request for component failure modes currently in use by engineers performing FMEA.
The failure modes obtained were not traceable to any specific program or data collection
effort. The component failure modes currently in use for FMEA are apparently the
result  of  a  Delphi  process  at  the  various  individual  organizations.  The  development  of  a 
comprehensive  compilation  of  high-usage  component  failure  mode  data  was  beyond  the 
scope  of  this  study. 

A  survey  of  technical  and  component  manufacturing  communities  revealed  that 
industry  does  not  have  a  component  failure  information  data  base  which  is  sufficient  to 
allow the failure signatures of complex microelectronic devices to be characterized.

In Phase II, a Standardized FMEA Technique Using the Matrix Approach was Developed, Along with Appropriate Automated Aids

Study Task

• Develop a standardized FMEA technique which is comprehensive, time and cost-effective, and can be automated

• Develop an automation tool to accompany the standardized technique

• Develop a compilation of high usage piece-part failure mode data if cost-effective

• Assess the feasibility of characterizing the external terminal failure signatures of complex, multi-terminal microelectronic devices

Result

- A standardized FMEA technique based on an expansion of the matrix technique has been developed

- A computer program which fully automates effects analysis has been developed

- A list of high usage piece part failure modes was compiled but indicated little correlation between sources

- The electronics industry does not have sufficient data to allow a meaningful characterization of complex microelectronic device failure modes for piece-part FMEA usage


SECTION  1  -  EXECUTIVE  SUMMARY 
1.5 Recommendations for Future Research

The Automated FMEA Study has Identified Several Areas of FMEA Technology Where Additional Research is Needed

• FMEA of software is largely undefined

• FMEA of complex digital circuitry is a problem at the piece-part level of detail

• Component failure mode rates are not known

• The failure modes/signatures of complex, multi-terminal devices are not defined

The  Automated  FMEA  Techniques  study  has  provided  both  a  standardized 
technique for FMEA on electronic equipment and an automation package to reduce
analysis costs and increase analysis usability. The study has not, however, resolved
several technical problems which may be of significance to the analysis.

The analysis methods to be used when assessing equipment which is dependent on
software performance for correct operation have not been resolved. This is a potentially
significant  limiting  factor  with  respect  to  the  FMEA  process.  An  increasing  number  of 
types  of  equipment  are  dependent  on  software  performance  for  end  item  function. 

The  analysis  problems  associated  with  the  piece-part  level  FMEA  of  complex 
digital circuitry still remain. The failure signatures associated with complex,
multi-terminal devices could not be uniquely characterized. Additionally, the
increasing use of microelectronic devices with computer bus oriented architectures
presents a complexity problem which may preclude any realistic piece-part analysis for
some circuitry. Also, the data base which would be required to allow device failure
signature characterization may not be developable due to the rapid advance in
component technology. Many, and perhaps even most, complex microelectronic devices
will  be  obsolete  prior  to  the  accumulation  of  data,  which  is  sufficiently  comprehensive 
to  allow  the  characterization  of  the  device's  failure  signatures. 

The  problem  of  calculating  accurate,  traceable  and  comparable  criticality 
numbers  has  not  been  resolved.  The  component  failure  modes  and  associated  rates 
which are in use by the electronics community have been developed through a Delphi
process rather than data collection. This problem is probably not solvable in a
cost-effective manner.


SECTION  2 
PHASE  I 

STUDY  ACTIVITY 

Phase  I  study  activity  was  designed  to  determine  the  feasibility  of  developing  a 
standardized  FMEA  technique  for  electronic  equipment  and  the  feasibility  of 
automating  the  technique.  Additionally,  the  Phase  I  study  activity  was  used  to  provide 
the scope and focus of the subsequent Phase II activity.

The  activity  during  the  Phase  I,  feasibility  phase,  of  the  study  consisted  of  four 
basic  tasks.  The  specifications  and  standards  which  are  commonly  used  to  describe  and 
contractually  impose  FMEA  of  electronic  equipment  were  reviewed  and  evaluated  with 
respect  to  their  adequacy  in  uniquely  defining  the  analysis  desired  and  in  providing 
guidance  to  the  analyst  on  the  technique  to  be  used.  The  technical  literature  on  FMEA 
was  reviewed  to  determine  applicable  techniques,  recent  developments  in  FMEA,  and 
any  relevant,  supplementary  information  which  would  assist  in  the  performance  of  the 
analysis.  The  technical  community  was  surveyed  to  identify  FMEA  automation  tools 
which  had  been  developed  by  individual  companies  to  assist  their  engineers  in 
performing  FMEA.  Additionally,  the  survey  of  the  technical  community  was  used  to 
identify  sources  of  component  data  for  use  during  Phase  II  of  the  study.  The 
commercial,  technical  marketplace  was  also  investigated  for  any  automated  tools  which 
were  available  and  could  be  used  to  assist  in  FMEA. 

The  results  of  these  investigations  were  then  used  to  determine  the  appropriate 
scope  and  direction  of  the  Phase  II  study  activity. 

2.1  SPECIFICATION  AND  STANDARD  EVALUATION 

The  specifications  and  standards  reviewed  comprise  two  broad  general  categories, 
programmatic and procedural. Each specification type, while different in intent, helps
define  and  establish  FMEA  for  electronic  equipment. 

The  programmatic  standards  describe  and  provide  for  the  overall  linkage  of  the 
FMEA to contractual requirements and to the engineering programs for reliability,
safety, maintainability, and related disciplines. These standards provide guidance on
utilizing the FMEA as an integrated program element within the various disciplines.
Guidance is generally given with respect to proper program phasing of the analysis, and
appropriate review points. The programmatic standards are not intended to provide
specific  guidance  on  methodology  to  be  used,  format  required,  or  other  specifics  of  the 
analysis.  The  most  commonly  invoked  programmatic  standard  for  FMEA, 
MIL-STD-785B,  provides  guidance  to  the  procuring  activity  in  regards  to  tailoring  the 
analysis  requirements  to  achieve  program  objectives. 

The  procedural  standards  define  the  FMEA  requirement  in  detail.  These  standards 
define  the  information  required  for  the  analysis  output  and  the  typical  format  the 
output  presentation  is  to  have.  The  methodology  to  be  used  to  achieve  the  analysis  is 
described  in  general  terms. 

The  specifications  and  standards  reviewed  during  Phase  I  of  the  study  are  listed  in 
Table  1,  along  with  the  title,  date,  and  category  of  the  specification.  All  standards 
reviewed  were  limited  to  the  latest  revision  released.  All  outdated  revisions  and 
superseded specifications and standards were assumed to have had any relevant
requirements incorporated into succeeding revisions or superseding documents.

The  most  common  method  of  specifying  a  formal  FMEA  for  U.S.  Military 
procurements  is  to  impose  a  MIL-STD-785B  reliability  program  with  an  FMEA  in 
accordance with MIL-STD-1629A. This is typically specified within the contractual
Statement of Work (SOW) with associated data delivery required in accordance with the
Contract Data Requirements List (CDRL) and DI-R-7085. This requirement is
commonly imposed along with a MIL-STD-470 maintainability program, a
MIL-STD-882A safety program, and a MIL-STD-1388 logistics support analysis in
related disciplines. Standards which represent a tailoring of MIL-STD-785B and
MIL-STD-882A such as QR-800-Q and MIL-STD-1574A are substituted for the more
common  standards  in  specific  procurements.  This  is  particularly  prevalent  for  missile 
system  procurements. 

The  programmatic  standards  for  reliability  in  combination  with  a  contractual  SOW 
define the requirements for the FMEA in terms of level of detail and required delivery
dates.  There  does  not  appear  to  be  any  ambiguity  introduced  with  respect  to  the 
analysis  required,  the  intended  usages  of  the  analysis,  or  any  other  specific  requirement 
of  the  FMEA  by  the  programmatic  specifications.  There  is  a  potential  problem, 
because  the  contractual  documents  do  not  provide  the  detailed  definition  and  tailoring 
required. 


TABLE 1. SPECIFICATIONS AND STANDARDS EVALUATED

Standard | Title | Date | Category
MIL-STD-785B | Reliability Program for Systems and Equipment, Development and Production | 15 Sep 80 | Programmatic
MIL-STD-1629A | Procedures for Performing a Failure Mode Effects and Criticality Analysis | 24 Nov 80 | Procedural
ARP-926A | Society of Automotive Engineers Recommended Practice Fault/Failure Analysis Procedure | 15 Nov 79 | Procedural
MIL-STD-1543 thru Notice 2 | Reliability Program Requirements for Space and Missile Systems | 22 July 77 | Programmatic
MIL-STD-882A | System Safety Program Requirements | 28 June 77 | Programmatic
MIL-STD-470 | Maintainability Program Requirements | 21 March 66 | Programmatic
MIL-STD-1574A | System Safety Program for Space and Missile Systems | 15 Aug 79 | Programmatic
QR-800-Q | Reliability Program for Equipment Development (U.S. Army Missile Command) | 13 Jan 8? | Programmatic

The  primary  FMEA  procedural  specifications  currently  in  common  use  are 
MIL-STD-1629A  and  ARP-926A.  When  a  formal  FMEA  process  is  subject  to  procuring 
activity review or contractual delivery, one of these two standards is usually invoked.
The  U.S.  Military  procurement  agencies  normally  specify  MIL-STD-1629A  for  FMEA  on 
electronic  equipment. 

ARP-926A  provides  a  reasonably  detailed,  but  general  set  of  guidelines  for 
performing  fault/failure  analysis.  This  includes  the  approach  to  be  used  during  the 
analysis  for  both  FMEA  and  fault  tree  methods.  The  ARP  also  provides  some  simple 
example material to aid the analyst in interpreting the process required. The document
does not mandate a specific format but instead suggests that the analyst develop his
own format based on the unique requirements of the particular analysis.

MIL-STD-1629A provides specific guidance with respect to format and
information requirements for FMEA. The standard does not provide guidance to the
analyst on how to perform the analysis. There is no exemplary material provided within
the standard. The document is structured to provide a rigid, contractual requirement
for  the  analysis  data  rather  than  a  procedure  for  developing  the  analysis. 

MIL-STD-1629A  and  ARP-926A  are  both  very  general  in  their  description  and 
require significant levels of individual interpretation by the analyst to apply the stated
requirements  to  a  particular  system.  The  standards  provide  adequate  guidance  to  allow 
analysis  of  a  relatively  simple  mechanical  or  electrical  product  to  be  performed  by  an 
inexperienced  analyst.  However,  the  documents  provide  very  little  guidance  for  the 
analysis  of  modern,  complex  electronic  equipment.  Specific  weaknesses  include: 

•  Piece-part  failure  modes  and  the  percentage  each  mode  represents  of  the 
total  failure  rate  are  not  provided.  No  guidance  is  given  to  an  appropriate 
reference  to  obtain  these  modes  and  percentages.  This  information  is 
required for FMEA at the piece-part level when criticality analysis is desired.

•  There  is  no  guidance  given  for  the  level  of  analysis  or  the  treatment  of 
complex  electronic  devices  (microprocessors,  memories,  etc.). 

The  standards  and  specifications,  both  programmatic  and  procedural,  are  adequate 
in  terms  of  defining  the  contractual  FMEA  requirements  in  terms  of  a  set  of  specific 
data,  with  a  mandated  level  of  detail  and  program  phase.  The  documents  provide  little 
or  no  information  on  the  techniques  and  methodology  to  be  used  in  analyzing  modern 
electronic  equipment.  The  only  tool  presented  with  the  documents  is  the  sample  FMEA 
output  form  for  manual  use. 

2.2 CURRENT TECHNIQUES IN FMEA

The  relevant  technical  literature  was  researched  as  a  part  of  the  Phase  I  study 
activity to determine what new or improved tools or techniques had been developed to
aid  in  the  performance  of  FMEA  and  fault/failure  analysis  in  the  electronics  industry. 
The  review  of  the  technical  literature  was  also  used  to  identify  any  supplementary 
technical information which could aid an analyst in performing FMEA. The literature
review was limited to material published within the last ten years. This was considered
a  reasonable  time  limitation  due  to  the  rapid  evolution  of  electronic  technology  during 
the  period  and  the  rate  at  which  existing  techniques  and  tools  are  improved  within  the 
electronic  and  aerospace  industries. 

The  scope  of  the  literature  reviewed  included  improved  manual  and  automated 
techniques  and  new  technical  information  relating  to  expanded  or  improved  applications 
of  existing  techniques.  This  included  any  technical  information  which  provided  the 
techniques  required  to  allow  usage  of  the  FMEA  in  applications  previously  considered  to 
be  prohibitively  difficult. 

For  the  purposes  of  this  study  any  new  or  improved  technique  was  expected  to 
either  meet  the  intent  of  MIL-STD-1629A  for  informational  content  or  be  readily 
adaptable to meet the intent of the standard. The method would need to provide a
complete listing of all single point failures and their effects at each level of indenture.
Additionally, criticality or some other relevant categorization of failures which is
consistent with MIL-STD-882A would need to be obtainable. The specific format of the
output presentation was not considered critical. To be considered an improvement over
existing  methods,  any  new  techniques  were  required  to  provide  one  or  more  of  the 
following: 

•  A  reduction  in  the  total  labor  expended  to  produce  an  equivalent  analysis  or  a 
more  detailed  analysis  for  the  same  labor 

• Increased usability in related disciplines (e.g., safety, maintainability, and
logistics) 

•  Improved  traceability  and  readability  of  the  analysis 

•  Increased  accuracy  of  the  analysis 

•  A  reduction  in  the  skill  or  expertise  required  of  the  analyst. 

The  identification  of  techniques  which  would  reduce  the  total  labor  expended  to 
produce  the  analysis  was  considered  of  critical  importance.  Any  technique  which 
reduced  the  labor  requirements  for  the  analysis  would  allow  easier  completion  of  the 
FMEA  within  a  time  frame  which  coincided  with  the  design  process.  This  would  help 
ensure that the FMEA results are incorporated into the design at a cost-effective point
in the program.

A review of the technical literature reveals two prominent fault/failure analysis
techniques  currently  being  utilized  within  the  electronics  and  aerospace  industry:  Fault 
Tree  analysis  and  the  FMEA.  These  are  general  techniques  which  are  applicable  to  a 
wide range of designs to allow reliability and safety assessment. The results of either
type of analysis can additionally provide inputs to the maintainability analysis process
and aid in the development of training and technical manual material. The two primary
fault/failure  analysis  techniques  have  been  extended  with  more  specialized  analysis 
techniques  such  as  common  cause  analysis  and  event  sequence  analysis.  Common  cause 
and  event  sequence  analysis  are  the  most  broadly  applicable  of  the  many  specialized 
analysis  techniques  in  use.  These  specialized  techniques  are  supplementary  to  the 
primary  analysis  methods  and  extend  their  usability  or  accuracy  in  specialized 
applications.  The  specialized  techniques  are  not  considered  to  be  replacements  for 
either  general  technique. 


2.2.1.1 Fault Tree Analysis

Fault  tree  analysis  is  a  deductive,  top-down,  failure  analysis  technique  with  wide 
applicability  and  use,  primarily  for  system  safety  analysis.  The  analysis  starts  with  an 
undesired  top  event  (failure)  and  proceeds  downward  through  the  hardware  under 
examination  to  identify  all  potential  single  and  multiple  failure  causes  (primary 
events).  The  resulting  fault  tree  is  a  Boolean  representation  of  all  events  which  can 
potentially lead to the undesired top event. A significant body of technical literature
on fault tree approaches and uses exists at various levels of mathematical
sophistication.  R.E.  Barlow  provided  an  excellent  introductory  work  in  1973  (1). 


2.2.1.2 Failure Modes and Effects Analysis

Failure Modes and Effects Analysis (FMEA) is a bottom-up, inductive, failure
analysis technique. This analysis, which is normally performed by reliability engineers,
is used to support multiple disciplines. The analysis output supports reliability,
maintainability, testability, logistics, and safety activities. The analysis starts with a
single point, low-level failure and proceeds upward through the hardware under analysis
to  define  the  failure  effect  at  each  level.  The  analysis  method  is  defined  in 
MIL-STD-1629A  and  ARP-926A. 



2.2.1.3 Common Cause Analysis

Common  Cause  Analysis  is  an  extension  of  fault/failure  analysis  techniques  to 
assess  the  effects  of  events  common  to  an  entire  system  (earthquake,  overvoltage, 
temperature,  etc.)  on  what  are  normally  independent  failure  paths.  The  technique, 
which  is  usually  used  in  conjunction  with  a  fault  tree  analysis,  allows  assessment  of 
failures which can simultaneously affect apparently independent features. A variety of
approaches to the analysis have been taken with various strengths and weaknesses. A
comparative overview of the most common approaches is given by D.M. Rasmuson (2).


2.2.1.4 Event Sequence Analysis

Event  sequence  analysis  (3,4)  is  an  extension  of  fault  tree  mathematical 
techniques  which  assesses  the  probability  of  occurrence  of  the  various  elemental  events 
of the tree as a function of their time dependencies. This analysis technique provides
for  accurate  assessment  of  top  event  probabilities  when  the  necessary  elemental  events 
occupy  different  sequences  in  time.  The  method  appears  to  be  particularly  effective  in 
assessing  conditional  failure  probabilities. 


2.2.2 FAULT/FAILURE ANALYSIS FOR ELECTRONICS

Each  of  the  fault/failure  analysis  techniques  has  some  applicability  to  the  analysis 
of  electronic  equipment.  The  fault  tree  analysis  and  FMEA  are  the  primary  analysis 
techniques  and  both  are  used  extensively  in  the  assessment  of  electronic  equipment  to 
present  the  basic  failure  modes  and  their  effects  at  each  level  of  indenture  for 
reliability  and  safety  analysis.  Both  analysis  methods  have  advantages  and 
disadvantages with respect to electronic equipment. The FMEA technique appears
to provide the more accurate results for electronics because the analysis is inductive.
Table 2 presents a relative comparison of the two techniques.

The  most  prevalent  criticisms  of  the  FMEA  technique  in  the  literature  are  that  it 
is  difficult  to  apply  during  early  design  phases,  does  not  consider  multiple  point  failures, 
is  very  labor  intensive,  and  does  not  provide  an  output  which  is  readily  understandable 
by  design  engineering  and  management  personnel.  The  primary  criticism  of  the  fault 
tree  method  is  that  the  analyst  can  miss  potential  critical  failures  due  to  the  deductive 
nature  of  the  approach.  However,  the  deductive  approach  can  be  effectively  utilized 
when  minimal  design  information  is  available.  Each  of  these  weaknesses  has  some 
validity  but  is  not  necessarily  critical  in  the  analysis  of  electronic  equipment. 

The  availability  of  failure  mode  and  effect  information  at  an  early  point  in  the 
design  process  has  a  significant  influence  on  the  ability  to  produce  the  necessary  design 
changes  in  the  hardware.  Information  which  is  provided  late  in  the  design  process  can 
tend  to  have  little  impact  due  to  the  high  cost  associated  with  changing  an  existing 
design.  The  application  of  the  FMEA  process  early  in  the  design  process  is  possible. 
However,  the  analysis  must  be  approached  top  down  rather  than  bottom  up  at  this 
point.  When  this  methodology  is  applied  to  electronic  devices  there  is  a  tendency  to 
identify  failure  modes  and  effects  which  may  be  impossible  in  the  final  design.  For 
example, a signal output from a module not yet designed may have a failure mode of
frequency beyond tolerance assigned during the early evolution of the next higher
assembly. The final design of the module may contain sufficient band-pass filtering to
ensure that an off-frequency condition results in a "no output" failure mode. Therefore,
there is no "frequency beyond tolerance" failure mode. This is not necessarily a
drawback as it helps focus early design efforts on the elimination of such failure modes
when the end item effect is critical.

The  FMEA  approach  to  failure  analysis  does  not  generally  consider  multiple 
failures.  Multiple  point  failures  are  only  considered  when  a  single  point  failure 
produces no effect on the performance of the end item system. This does impose some
limitation on the applicability of the FMEA technique to extremely large systems which
are dependent on a human interface to complete the system (e.g., nuclear power
facilities). This limitation occurs because the human failure or inability to perceive the
effects of a single point failure is not generally considered. A fault tree approach is
generally used in large systems where the human interface is critical; however, the use
of  FMEA  is  not  precluded.  Pearson  (5)  has  reported  the  use  of  a  single  point  and 
multiple  point  FMEA  to  assess  the  design  of  the  DC-10  All-Weather  Landing  System. 

TABLE 2. COMPARISON OF FAULT TREE ANALYSIS TO FMEA

Characteristic         Fault Tree Analysis                        FMEA
Primary use            Safety analysis                            Reliability analysis
Methodology            Top down - deductive                       Bottom up - inductive
Failures Considered    Single and multiple point failures         All single point failures
                       causing undesired top event
Automation Available   Numerous programs for graphics             Limited automation
                       and numerical computation
Readability            Easily understandable to nonspecialists    Difficult to understand
                                                                  for nonspecialists

An  FMEA  approach  has  also  been  used  in  power  production  facility  safety  studies  for 
both  nuclear  (6,7)  and  non-nuclear  (8)  plants  and  in  assessing  the  safety  of  the  space 
shuttle  payloads  (9). 

The  FMEA  technique  is  very  labor  intensive.  This  is  due  to  the  nature  of  the 
analysis  and  the  small  amount  of  computerization  which  has  been  accomplished  for 
FMEAs.  Fault  trees  have  had  a  significantly  greater  amount  of  computerization 
accomplished  both  for  small  computers  (10,11)  and  relatively  large  machines  (12,13,14). 

The  presentation  of  FMEA  data  in  MIL-STD-1629A  tabular  form  is  not  as  readily 
understandable  to  engineers  outside  the  reliability  and  safety  engineering  disciplines  as 
the  fault  tree.  This  is  due  to  both  the  method  of  presentation  and  the  larger  quantity  of 
information  developed  in  an  FMEA.  The  fault  tree  has  the  advantage  of  presenting 
failure effect data in a graphic format which is readily understandable by
nonspecialists. This has allowed a somewhat greater impact from material presented in
fault  tree  format. 

The  primary  advantage  of  FMEA  with  respect  to  fault  tree  analysis  is  in  accuracy 
(completeness).  Fault  tree  analysis  requires  that  the  analyst  deductively  ferret  out  all 
failure  modes  which  could  singly  or  in  combination  cause  the  undesired  top  event  to 
occur.  The  approach  is  function-oriented  and  the  ability  to  deduce  all  such  failure 
modes  is  largely  dependent  on  the  skill  of  the  particular  analyst.  The  methodology, 
being  function-oriented,  also  tends  to  be  less  thorough  than  FMEA  in  assessing  interface 
problems.  The  FMEA,  by  considering  all  single  point  failures  in  the  hardware,  ensures 
that  full  consideration  is  given  to  all  possibilities.  This  is  particularly  critical  in 
interface areas (wiring, etc.) where designed-in redundancy is often lost and failure
modes which are not apparent (in the schematic circuitry or in the inherent circuit
function) are uncovered.

FMEA also develops a larger quantity of information than fault tree analysis. The
additional information developed consists of assessment of failure predictability,
detectability, and available compensating provisions. This additional detail allows the
FMEA data to support maintainability, testability, safety, and logistics studies. The
presentation method used for FMEA imposes some difficulty in extracting the required
information for these associated purposes. The required information is included but it
is not organized in an optimum manner for evaluating maintenance, logistics, and
testability parameters. This often imposes a need to manually extract data in the
required order.

2.2.3  NEW  DEVELOPMENTS  IN  FMEA 

A  significant  new  development  within  FMEA  is  the  matrix  FMEA  developed  by 
G.L. Barbour (15) and subsequently computerized by J.M. Legg (16). The matrix FMEA
approach is a significant improvement in terms of labor requirements, readability, and
traceability of the analysis. The ease of utilization by engineers in disciplines other
than reliability and safety is significantly enhanced.

The matrix FMEA approach can result in a reduction in the overall labor expended
for the analysis due to reduced clerical requirements. Barbour presented the matrix
FMEA as a supplement to the tabular form FMEA. However, the matrix format can
present all the data required for the tabular format with some adaptations. The
additional information required can be particularly well handled in automated
approaches. If the tabular presentation is required, personnel with somewhat lower skill
levels than the original analyst can be assigned to extract the required data. There
should also be an overall reduction in labor due to the easy traceability of the
approach. The conflicts which normally result from the assignment of multiple analysts
to the same equipment are reduced by the rigid format requirements of the matrix
analysis. The matrix FMEA has been computerized (16) and the user's instructions and
source listing are in the public domain (17).

The basic format of the matrix FMEA is a significant improvement over tabular
presentations in terms of readability and traceability. The improved format allows
rapid interpretation of FMEA results by design engineering and management personnel.
This allows hardware changes based on the analysis to be implemented with minimum
resistance. The matrix format also allows for more rapid and accurate extraction of
analysis data by maintainability and technical publications engineers. The matrix
FMEA format tends to improve the overall accuracy of the analysis due to the rigid
construction technique employed.

The  primary  limitation  of  the  matrix  FMEA  is  in  its  inability  to  contain 
comments.  This  limitation  can  be  significant  when  dealing  with  critical  failures.  A 
well-designed  equipment  usually  has  some  method  available  for  minimizing  the 
criticality  of  failures.  These  may  include  such  things  as  alternate  operating  modes  or 
pilot  or  operator  recognition  of  the  failure  under  most  circumstances.  It  is  important 
that  the  actions  necessary  to  minimize  critical  failures  be  contained  in  the  FMEA  data. 
This  helps  ensure  preparation  of  adequate  training  and  technical  manual  data 
concerning  critical  failures. 

2.2.4  WEAK  AREAS  IN  FMEA 

A  considerable  amount  of  technical  work  in  the  area  of  fault/failure  analysis  and 
particularly  FMEA  has  been  accomplished  within  the  reliability  and  safety  disciplines 
during  the  last  decade.  There  are  some  areas  where  additional  effort  is  needed  in  the 
electronics industry, particularly:

•  Increasing  the  analysis  usability,  especially  with  respect  to  maintainability 
and  technical  manual  development 

•  Development  of  techniques  and  procedures  for  assessing  real-time  firmware 
based  systems 

•  Standardization  of  component  failure  modes  and  percentages 

The  cost  associated  with  performing  an  FMEA,  particularly  at  the  component 
level,  mandates  that  the  analysis  results  need  to  be  as  widely  used  as  possible. 
Duplication  of  the  effort  involved  in  the  FMEA  needs  to  be  avoided.  The  basic 
information  contained  in  the  analysis  can  provide  a  baseline  for  maintainability 
predictions  and  for  technical  manual  troubleshooting  information  development,  if 
sufficient information is provided in a usable format. The matrix FMEA provides an
adequate format for the recovery of information, and some early work on obtaining the
needed maintainability data has been done by Herrin (19). Conley (20) has demonstrated
the use of a tailored FMEA process for assessment of BIT effectiveness. The FMEA
technique employed within the electronics industry needs to accommodate the
requirements of BIT assessment, test point adequacy evaluation, and identification of
test and maintenance ambiguity as an integral part of the analysis. The required
information is apparent to the analyst as the FMEA is performed and should be
incorporated into the analysis results to prevent duplication of the effort by
maintainability engineers or by technical manual preparation activities.

Modern  electronic  equipment  is  increasingly  being  designed  with  microprocessor- 
based  control  functions.  This  has  introduced  the  problem  of  identifying  the  failure 
modes  and  effects  of  the  combined  hardware  and  software  of  the  system  as  a  part  of 
the FMEA process. The procedure to be used in these situations is not standardized.
The technical literature has suggested both physical simulation of potential faults using
existing hardware (21) and the simulation of the suggested design through an automated
program (22). An approach which allows the FMEA to be performed for any
microprocessor system currently available is needed.

The  performance  of  an  FMEA  with  criticality  analysis  (FMECA)  requires  that 
component  failure  modes  be  tabulated  along  with  the  probability  of  the  component 
failing  in  the  particular  mode.  There  is  currently  no  centralized  source  for  this 
information. AMCP-706-196 (23) provides the most comprehensive listing currently
available  but  is  far  from  complete.  A  comprehensive  assessment  of  the  probability 
associated  with  various  component  failure  modes  is  needed. 

The FMEA is uniquely defined in terms of requirements. However, work still
remains in developing a comprehensive technique, applicable to electronic equipment,
which is accurate, achieves maximum usability, and is cost-effective.

2.3  INDUSTRY  SURVEY 

As a part of the Phase I study activity, a survey of the electronics and aerospace
industries was taken. The main objective of the survey was to identify any aids or
techniques developed by organizations for the proprietary use of their engineers when
performing FMEA which did not appear in the technical literature. The survey was
expected to provide some insight into both the total amount of automation of FMEA
existing in industry and the need or desire for automated tools to assist in the analysis.
The survey also solicited comments on areas of the FMEA process which were
considered by the respondees to need improvement, and on whether or not component
failure mode data was available.

A total of 190 questionnaires (see Figure 1) were sent to various companies,
organizations, and individuals throughout the electronics and aerospace industries
during late March, 1982. A total of 95 responses were received. 20 responding
organizations indicated either some degree of computerization or usage of automated
tools. Subsequent telephone contact was able to confirm only a total of 17
organizations which had actually developed or were using some degree of automation to
aid in fault/failure analysis.


2.3.1  INDUSTRY  COMMENTS 


A  total  of  41  responses  to  the  survey  included  comments  concerning  the  FMEA 
process.  The  most  common  comment  (16  responses)  was  that  automation  was  highly 
desirable  to  help  reduce  the  cost  of  FMEAs.  This  was  offset  by  seven  respondees 
commenting that automation was probably not possible. Additional comments included
a need for standardization (7 responses) and a need for a reduction in the level of detail
mandated  under  contract  (8  responses). 

A  total  of  44  respondees  indicated  that  they  had  information  on  component  failure 
modes. The comments provided indicated that MIL-HDBK-217 data and various RADC
material were being used for failure mode data. Two of the responding organizations
indicated that they had developed component failure mode data specialized for their
type of equipment. Only three organizations commented on a lack of component failure
mode data. This was surprising since a single, industry-recognized, centralized source
for detailed component failure modes and the percentage of the total failure rate each
mode represented could not be identified. This may be due to very few FMEAs with
criticality assessment being done at the piece-part level or the acceptance of less
precision in such cases.

HUGHES-FULLERTON
Hughes Aircraft Company
Fullerton, California

AUTOMATED FAILURE MODES AND EFFECTS ANALYSIS (FMEA) TECHNIQUES QUESTIONNAIRE

I. RESPONDEE _
COMPANY/AGENCY _
ADDRESS _
CITY/STATE _ ZIP _ TELE _

DO YOU WANT A COPY OF THE FINAL REPORT SENT TO YOU?
YES _ NO _

II. FMEA EXPERIENCE

1. HAS YOUR COMPANY/AGENCY PERFORMED OR SPECIFIED FMEAS IN THE PAST?
YES _ NO _

2. WHAT LEVEL FMEAS WERE THEY? HOW PERFORMED?
                          MANUAL/AUTOMATED
a. FUNCTIONAL LEVEL       _ _
b. ASSEMBLY/LRU LEVEL     _ _
c. PART LEVEL             _ _
d. CHIP LEVEL             _ _

3. WHAT WERE THE GOVERNING DOCUMENTS?
MIL-STD-785 _    MIL-STD-1574 _    OTHER _
MIL-STD-881 _    MIL-STD-1629/A _
MIL-STD-1543 _   MIL-STD-2070 _

III. AUTOMATION AIDS

1. HAS YOUR COMPANY/AGENCY DEVELOPED OR USED AUTOMATION AIDS FOR FMEAS?
YES _ NO _

2. IF YES, WHAT WERE THEY?    PROPRIETARY?
_                             YES _
_                             YES _
_                             YES _
_                             YES _

IV. GENERIC DATA

1. DOES YOUR COMPANY/AGENCY HAVE STANDARD, GENERIC FAILURE MODE DATA AND PROBABILITY OF
OCCURRENCE FOR VARIOUS PART TYPES/CLASSES?
YES _ NO _

2. DOES YOUR COMPANY/AGENCY HAVE INFORMATION/DATA ON FAILURE MODES OF COMPLEX
MICROELECTRONIC DEVICES (e.g., MICROPROCESSORS)?
YES _ NO _

V. GENERAL

PLEASE PROVIDE ANY COMMENTS YOU FEEL ARE RELEVANT TO FMEAS, OR THE STANDARDIZATION OR
AUTOMATION OF FMEAS. _

Figure 1. FMEA Industry Survey Questionnaire


2.3.2  DEGREE  OF  INDUSTRY  AUTOMATION 


The  survey  responses  received  from  industry  indicated  a  total  of  17  organizations 
with  some  computerization  of  FMEA  or  usage  of  automated  tools.  The  total  number  of 
programs used reduced to 15 once duplication caused by common usage of the same
program by divisions of one company was eliminated. The relatively small amount of
automation was surprising as the cost associated with performing an FMEA is typically
high.  A  breakdown  of  the  types  of  the  programs  identified  is  shown  in  Table  3. 

The  FMEA  programs  identified  were  intended  to  reduce  the  clerical  work  required 
of  the  analyst.  A  computer  was  used  to  save  on  typing  and  sheet  and  section 
renumbering  and  to  allow  easy  revision  of  the  analysis.  The  singular  exception  among 
the FMEA programs is the matrix FMEA program "FUME" developed by J. Legg of Ford
Aerospace.  This  program  provides  improved  traceability  and  readability  in  addition  to 
reducing  the  clerical  load  on  the  analyst. 

2.4  COMMERCIALLY  AVAILABLE  FMEA  AUTOMATED  AIDS 

As a part of the Phase I study, a survey of the programs which are commercially
available through the various computer time share services was taken to determine the
availability of automated tools to assist in FMEA. The programs sampled were not all
inclusive due to the large number available. However, a reasonable cross section of the
automated  tools  available  was  evaluated.  The  programs  which  are  commercially 
available  consist  of  two  types:  circuit  design  analysis  programs,  and  clerical  FMEA 
programs.  There  does  not  appear  to  be  any  program  which  combines  the  two  aspects  of 
the  FMEA  process. 


TABLE 3. COMPUTER PROGRAM TYPES IDENTIFIED BY INDUSTRY SURVEY

Program Type                                              Qty
Reliability Prediction or Failure Probability Programs    1
Fault Tree Programs                                       4
Circuit Analysis Programs                                 1
FMEA Programs (Clerical)                                  8
Event Sequence Analysis Programs                          1


2.4.1 CIRCUIT ANALYSIS PROGRAMS


The  circuit  analysis  programs  evaluated  are  of  three  basic  types:  digital,  analog, 
and  RF.  There  does  not  appear  to  be  any  single  program  which  will  handle  all  three 
types  of  circuitry  well.  The  circuit  analysis  programs  were  evaluated  for  their  ability 
to  model  single  point  failures  within  a  circuit  under  analysis.  Analog  and  RF  circuit 
analysis  programs  were  expected  to  be  able  to  model  component  shorts,  opens,  and 
tolerance errors as a minimum to be useful in the FMEA process. Digital circuit
analysis programs needed to be capable of emulating at least stuck-at-one (S-A-1),
stuck-at-zero (S-A-0), and stuck-at-an-indeterminant-level (S-A-X). The modeling of
the  various  failure  conditions  was  expected  to  be  automatically  done  as  a  part  of  one  or 
more  possible  options  within  the  computer  program. 
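
As an added illustration (not from the report, and not a model of any of the programs it evaluates), the Python example below injects S-A-0, S-A-1 and indeterminate-level faults at every node of a small constructed gate netlist and tabulates the effect at the output. It then pairs up the single faults that showed no effect, following the report's rule for when multiple point failures are considered; the netlist, node names and effect labels are assumptions made for the example.

```python
from itertools import combinations, product

X = None  # indeterminate logic level (neither a valid 0 nor a valid 1)


def g_and(*v):
    if 0 in v:                      # a controlling 0 masks any X input
        return 0
    return 1 if all(x == 1 for x in v) else X


def g_or(*v):
    if 1 in v:                      # a controlling 1 masks any X input
        return 1
    return 0 if all(x == 0 for x in v) else X


def g_not(v):
    return X if v is X else 1 - v


GATES = {"AND": g_and, "OR": g_or, "NOT": g_not}
MODES = {"S-A-0": 0, "S-A-1": 1, "S-A-X": X}

# Constructed netlist (assumption for this example), listed in evaluation
# order: a 2-of-3 majority voter with one duplicated product term (n4).
INPUTS = ("a", "b", "c")
NETLIST = [
    ("n1", "AND", ("a", "b")),
    ("n2", "AND", ("b", "c")),
    ("n3", "AND", ("a", "c")),
    ("n4", "AND", ("a", "b")),      # designed-in redundancy: copy of n1
    ("out", "OR", ("n1", "n2", "n3", "n4")),
]
OUTPUT = "out"
VECTORS = list(product((0, 1), repeat=len(INPUTS)))


def simulate(vector, faults=None):
    """Return the output level for one input vector.

    faults maps a node name to the level it is stuck at (0, 1 or X).
    """
    faults = faults or {}
    values = {}
    for node, level in zip(INPUTS, vector):
        values[node] = faults.get(node, level)
    for node, kind, ins in NETLIST:
        level = GATES[kind](*(values[i] for i in ins))
        values[node] = faults.get(node, level)
    return values[OUTPUT]


def effect_of(faults):
    """Compare faulted and fault-free output over every input vector."""
    wrong = unknown = 0
    for vector in VECTORS:
        good, bad = simulate(vector), simulate(vector, faults)
        if bad is X:
            unknown += 1
        elif bad != good:
            wrong += 1
    if wrong:
        effect = "wrong output"
    elif unknown:
        effect = "indeterminate output"
    else:
        effect = "no effect"
    return effect, wrong, unknown


def single_point_fmea():
    """One row per (node, failure mode): (effect, wrong, unknown)."""
    nodes = list(INPUTS) + [node for node, _, _ in NETLIST]
    return {(node, mode): effect_of({node: level})
            for node in nodes for mode, level in MODES.items()}


def multiple_point_followup(rows):
    """Combine, two at a time, the single faults that had no effect."""
    masked = [key for key, row in rows.items() if row[0] == "no effect"]
    result = {}
    for first, second in combinations(masked, 2):
        if first[0] != second[0]:   # two different nodes
            faults = {first[0]: MODES[first[1]], second[0]: MODES[second[1]]}
            result[(first, second)] = effect_of(faults)
    return result


if __name__ == "__main__":
    table = single_point_fmea()
    for (node, mode), (effect, wrong, unknown) in table.items():
        print(f"{node:4} {mode}  {effect:21} wrong={wrong} unknown={unknown}")
    for pair, outcome in multiple_point_followup(table).items():
        print("double fault", pair, "->", outcome)
```

The duplicated term masks an S-A-0 on either copy, so the single-point pass reports no effect for both; only the follow-up pass shows that losing both copies produces a wrong output.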

The  circuit  analysis  programs  which  were  reviewed  included  XSCEPTRE,  MSINC, 
SPICE 2, SLICM, LB A, COMPACT, LOGS, TEGAS 5, and SYSCAP II. These programs
are  all  design  verification  oriented,  but  a  few  have  enough  capabilities  to  be  used  for 
the  circuit  analysis  portion  of  the  FMEA.  Some  of  these  programs  use  convergence 
techniques  and  thus  may  not  run  when  faulted  conditions  are  induced.  Also,  many  of 
these  programs  could  only  be  used  for  an  FMEA  by  "brute  forcing"  the  failed  conditions, 
and  thus  are  not  usable  for  a  truly  automated  FMEA. 


2.4.2  CLERICAL  FMEA  PROGRAMS 


Only one clerical FMEA program was identified within the commercial market.
The program, PREDICTOR FMEA, is part of an extensive set of
reliability/maintainability programs written by Management Sciences Incorporated.
The FMEA program was the only section of PREDICTOR evaluated. However, the
program is dependent on the file structures created to run the reliability prediction
program portion of PREDICTOR. This requires that the reliability prediction program
itself must be used in conjunction with the FMEA program.

2.4.3 OVERALL EVALUATION

There are some circuit analysis programs available which are useful for
performing FMEA at the piece-part level. The best analog circuit analysis program for
FMEA purposes of those evaluated is SYSCAP II. For digital circuit FMEA, TEGAS 5
was the best program of those evaluated. A circuit analysis program capable of
supporting FMEA on high frequency RF circuitry was not identified.

The  circuit  analysis  programs  evaluated  are  not  considered  feasible  for  inclusion 
in  an  automated  FMEA  package.  These  circuit  analysis  programs  do  provide  some 
valuable  analysis  capability  and  should  be  considered  for  use  to  support  piece  part 
FMEAs. 


2.5  PHASE  I  CONCLUSIONS 

The  Phase  I,  Feasibility  Study,  conclusions  divide  into  two  distinct  areas.  The 
feasibility  of  developing  a  standardized,  manual  technique  for  FMEA  of  electronics 
equipment  is  considered  separately  from  the  degree  of  automation  considered  feasible 
for the technique. These areas of interest need to be considered as separate topics if
the  standardized  technique  is  to  be  capable  of  manual  implementation. 

2.5.1  FEASIBILITY  OF  DEVELOPING  A  STANDARDIZED  TECHNIQUE 

The  development  of  a  standardized  technique  for  performing  FMEA  on  electronic 
equipment  was  considered  feasible.  The  FMEA  process  is  being  specified  and  performed 
on  electronic  equipment  successfully,  and  FMEA  is  being  used  on  equipment  as  diverse 
as  satellites  and  nuclear  power  plants.  The  primary  advantage  of  a  standardized  FMEA 
technique  would  be  in  its  standardizing  of  the  approach,  presentation,  and  program 
phasing.  This  should  provide  consistency  in  the  analysis  methodology  and  a  presentation 
independent  of  the  individual  analyst  or  company. 

A  standardization  of  circuit  analysis  techniques,  similar  to  the  standardization 
imposed  on  reliability  predictions  by  MIL-HDBK-217,  is  not  considered  feasible.  The 
wide  variety  of  potential  circuit  designs,  limited  only  by  the  inventiveness  of  the 
individual  engineer,  precludes  such  standardization.  Additionally,  any  standardization 
of  circuit  analysis  would  be  rapidly  outdated  by  the  evolving  technology  within  the 
industry. 


A review of the specifications and standards on FMEA undertaken as a part of the
Phase I effort shows that they are generally adequate for their purpose. These
documents are intended to define an FMEA in terms of deliverable data and to form a
contractual baseline for the analysis when it is formally imposed as a part of the
procurement process. The specification documents provide little or no information on
the techniques and methodology to be used in performing the analysis. They are
particularly  weak  with  respect  to  electronic  equipment  FMEA.  The  lack  of  adequate 
guidance  for  the  analyst  has  not  precluded  the  use  of  FMEA  for  electronic  equipment. 
There  appears  to  be  an  intuitive  knowledge  within  the  industry  regarding  the  techniques 
required.  This  reliance  on  an  intuitive  definition  of  approach  can  result  in  FMEAs  being 
performed  with  varying  degrees  of  quality.  There  is  a  need  for  a  standardized 
technique  to  ensure  consistency  in  approach,  level  of  detail,  and  presentation. 

The review of the technical literature revealed very little in terms of new
developments for FMEA use. The most significant development found was the matrix
method approach developed by G.L. Barbour in 1977 and subsequently computerized by
J.L. Legg in 1978. The matrix method represents a significant improvement in terms of
readability, traceability, and reduction of clerical requirements. The method was
originally published as a supplement to tabular FMEA methods. The matrix FMEA in its
present  form  cannot  be  used  for  the  entire  analysis  due  to  the  inability  to  include 
commentary  material.  The  inclusion  of  commentary  material  in  a  modified  matrix 
FMEA  technique  is  possible  and  is  especially  easy  in  an  automated  implementation.  An 
automated  FMEA  can  allow  for  the  inclusion  of  comments  while  retaining  the  essential 
matrix  FMEA  features.  The  commentary  material  would  be  stored  in  the  computer 
files  and  recalled  as  a  part  of  the  presentation  in  appropriate  data  sorts.  The  use  of 
automation  will  allow  the  FMEA  data  to  be  recalled  in  various  sorts  depending  upon  the 
intended  use. 

Several  weak  areas  in  existing  FMEA  techniques  were  identified  as  a  part  of  the 
Phase  I  study.  Specifically: 

•  The  lack  of  an  overall  standardized  technique  for  FMEA  of  electronic 
equipment 

•  A  very  high  level  of  clerical  detail  required  by  the  FMEA  which  can  adversely 
impact  cost  and  schedule 

• The lack of techniques to assess microprocessor based circuitry

• The lack of a single, comprehensive source for piece-part failure modes and
relative rates of occurrence thereof.

Each of these weak areas was expected to be adequately addressed as a part of
the standardized technique developed during Phase II of the study. The overall success
in resolving the last two items, however, depends on the results of further study.

2.5.2  FEASIBILITY  OF  DEVELOPING  FMEA  AUTOMATED  TOOLS 

A partial automation of the standardized technique developed during Phase II of
the  study  was  considered  both  feasible  and  highly  desirable.  This  is  primarily  due  to  the 
high  cost  associated  with  FMEA  performed  by  manual  methods.  The  need  for  some 
automated  aids  has  been  recognized  within  the  electronics  and  aerospace  industries  as 
evidenced  by  the  development  of  some  limited  automation  aids  by  various  companies 
(see  Section  2.3).  A  universally  accepted  and  recognized  automation  aid  had  not  yet 
been  developed. 

The  programs  currently  existing  in  the  electronics  industry  which  can  be  used  for 
FMEA  are  of  two  distinct  types.  These  are  circuit  analysis  programs  and  clerical  FMEA 
programs.  Each  program  type  has  features  which  recommend  its  use  for  FMEAs. 
Clerical  programs  provide  a  labor  savings  by  helping  to  minimize  the  general  clerical 
load  on  the  analyst.  The  clerical  load  imposed  by  a  MIL-STD-1629A  FMEA  is  quite 
large  when  manual  methods  are  utilized.  Circuit  analysis  programs  provide  increased 
analysis  depth  and  accuracy  capability.  The  circuit  analysis  programs  do  not  appear  to 
provide  a  significant  time  savings  due  to  the  effort  required  to  define  the  circuit  to  the 
computer.  This  may  not  be  the  case  if  the  same  program  is  used  by  the  design  agency 
for  circuit  design  and  evaluation. 

There are a large number of circuit analysis programs available in the commercial
marketplace.  These  programs  can  generally  be  accessed  through  the  various  computer 
time-sharing  services.  The  various  programs  are  specialized  as  to  the  type  of  circuit 
analyzed  (e.g.,  linear,  digital,  RF,  etc.).  The  programs  are  oriented  in  terms  of 
frequency  response,  amplitude,  stability,  timing,  temperature  response,  and  other 
relevant  circuit  parameters.  Some  of  these  programs  do  provide  for  at  least  some 
failure  modeling  capability  which  is  useful  for  FMEA.  When  a  parts-level  analysis  of  a 
complex  circuit  is  required,  the  use  of  a  circuit  analysis  program  should  be  considered 
to  ensure  the  required  depth  and  accuracy. 

The  inclusion  of  a  circuit  analysis  computer  program  in  the  automation  of  the 
standardized technique of electronics FMEA was not considered feasible. Several
factors indicate that the inclusion of a universal, standardized circuit analysis tool
within the automated FMEA technique is probably not possible.

• Program Size - The circuit analysis programs currently in use are very large
emulation programs developed for limited purposes at a fairly large cost.

•  Program  Specialization  -  There  are  three  basic  types  of  circuit  analysis 
programs  available:  analog,  digital,  and  RF.  There  does  not  appear  to  be  a 
single  program  capable  of  doing  all  three  well. 

•  Program  Acquisition  Cost  -  The  selection  of  a  program  or  programs  for  use  as 
a  baseline  would  probably  be  prohibitively  expensive.  Most  of  the  circuit 
analysis  programs  are  proprietary  and  contracted  through  the  time-share 
services  on  a  profit-making  basis. 

•  Program  Upkeep  -  The  maintenance  and  updating  of  a  large  circuit  analysis 
program  would  require  a  dedicated  staff  to  keep  the  program  current  with 
new  parts  developments  and  new  techniques  in  circuit  design. 

The  inclusion  of  an  automated  interface  between  a  specific  circuit  design  analysis 
program  and  any  clerical  aid  program  developed  for  FMEA  use  was  not  considered  to  be 
feasible.  This  direct  automated  interface  between  programs  would  be  dependent  on  the 
program  selected  and  the  circuit  under  test.  The  circuit  analysis  programs  examined 
which  allowed  failure  modeling  produced  an  output  in  terms  of  voltage,  current,  or 
other  signal  characteristics  at  a  given  point  which  was  defined  by  the  user  as  the  output 
to be considered. The effect (if any) of an output point being at a given state as a
result of a simulated fault is determined by the user. The effect determined by the
user is dependent on the design and tolerances of the next circuit in the signal path.

The interpreted results from a circuit analysis program must be manually input to the
FMEA  worksheets  or  a  clerical  FMEA  program. 

The  development  of  a  reasonably  comprehensive,  clerical  aid  and  effects  analysis 
type  program  based  on  a  modified  matrix  FMEA  approach  appeared  to  be  feasible  and 
was  expected  to  result  in  a  significant  cost  reduction  for  the  analysis.  The  cost  of  the 
program  development  and  subsequent  maintenance  should  be  significantly  less  than  the 
cost savings realized. Several companies (see Section 2.3) had developed at least
partial  aids  at  their  own  expense.  A  single,  comprehensive,  clerical  FMEA  program  had 
not  yet  been  developed.  Developing  such  a  program  was  not  considered  to  represent  an 
insurmountable  technical  challenge. 

SECTION 3

PHASE II STUDY ACTIVITY OVERVIEW


The  activities  undertaken  as  a  part  of  Phase  II  of  the  Automated  FMEA  Techniques 
study  consist  of  four  tasks.  Research  was  conducted  into  the  amount  of  information 
available  to  allow  categorization  and  quantification  of  component  failure  modes.  A  set 
of  recommendations  for  improving  the  FMEA  process,  independent  of  the  specific 
technique  used  for  the  analysis,  was  produced.  A  standardized  FMEA  technique,  the 
Advanced Matrix Technique, was developed. Additionally, an automated aid, the Failure
Effects  and  Data  Synthesis  program  (FEADS),  to  accompany  the  Advanced  Matrix 
Technique  was  developed.  An  overview  of  each  of  these  topical  activity  areas  is 
presented  in  the  following  paragraphs. 


3.1  COMPONENTS  OVERVIEW 

The  components  activity  undertaken  during  phase  two  of  the  study  was  directed  at 
(1) obtaining solutions to the lack of data on the failure mode of common, high usage,
parts  and  at  (2)  obtaining  sufficient  information  to  allow  the  categorization  of  the 
failure  signatures  of  complex  microcircuits  at  the  device  output  pins.  The  need  for  a 
comprehensive,  traceable  list  of  piece  part  failure  modes  and  their  associated  rates  of 
occurrence  had  been  identified  as  a  part  of  phase  one  of  the  study.  These  component 
failure  modes  are  needed  to  allow  accurate  evaluation  of  failure  criticality  rankings. 
Also,  a  knowledge  of  the  prominent  component  failure  modes  helps  assure  that  all 
potential  problems  are  considered. 

Data on the failure signatures of complex microcircuits are needed to allow proper
consideration  of  complex  microcircuits  during  piece  part  FMEAs.  Categorizing  the 
failures  of  complex  devices  as  short  or  open  during  FMEA  is  clearly  inadequate.  Some 
state  of  the  art  microcircuits  have  internal  complexities  approaching  that  of  entire 
equipment  designed  twenty  years  ago. 


An  integrated  approach  was  taken  to  the  two  component  data  searches.  An 
attempt  was  made  to  identify  any  electronics  industry  information  among  component 
users.  This  was  a  follow  up  to  the  industry  survey  started  during  phase  one  of  the 
study.  Additionally,  contacts  were  made  with  component  manufacturers  to  determine 
if  useful  data  could  be  supplied. 

The  search  for  relevant  failure  mode  data  was  expected  to  be  successful  for  high 
usage parts (e.g., resistors, capacitors). The search for data on complex microcircuits
was expected to be more difficult than that for high usage parts due to the much
smaller number of devices and relatively short usage period. The data available on all
types  of  devices  was  found  to  be  sparse.  The  data  which  was  identified  appears  to  be 
the  result  of  a  Delphi  process  at  the  various  companies.  The  components  efforts  and 
results  are  detailed  in  section  4. 

3.2  FMEA  RECOMMENDATIONS  OVERVIEW 

Several  recommendations  for  FMEA  were  developed  as  a  part  of  the  phase  two 
study  activity.  These  recommendations  are  the  result  of  an  assessment  of  FMEA 
weaknesses  during  phase  one  of  the  program  and  the  development  of  the  standardized 
FMEA  technique  during  phase  two  of  the  study.  Two  recommendations  of  significance 
resulted.  The  schedule  of  performance  of  FMEAs  needs  to  be  accelerated  to  allow 
earlier  completion  of  most  analysis  activity.  This  earlier  performance  of  tasks  is 
achievable  using  the  advanced  matrix  technique  and  its  accompanying  automation 
package.  Additionally,  an  FMEA  guidance  conference  is  recommended.  A  guidance 
conference,  very  early  in  the  design  process,  will  allow  the  communication  of  critical 
failure  concerns  so  that  failure  severities  can  be  correctly  assigned  during  the 
performance  of  the  FMEA.  A  discussion  of  general  FMEA  related  considerations  and 
recommendations  is  provided  in  section  5  of  the  report. 

3.3  STANDARDIZED  TECHNIQUE  OVERVIEW 

The  standardized  FMEA  technique,  the  Advanced  Matrix  Technique,  developed 
during phase two of the study is a comprehensive approach to FMEA which is integrated
with the total design process. The technique represents a significant expansion and
refinement of the matrix technique originally presented by Barbour (15). The basic
matrix technique has been refined to allow all parts of the FMEA to utilize the matrix
format,  and  provisions  for  the  inclusion  of  commentary  material,  failure  severity  levels, 
and  test  point  information  have  been  made.  Additionally,  the  basic  matrix  method  has 
been  extended  to  use  all  possible  failure  modes  and  effects  and  to  provide  a  means  of 
readily  extracting  built-in-test  and  maintenance  ambiguity  information.  Adaptability 
to  computerization  is  inherent  in  the  structure  of  the  advanced  matrix  technique.  The 
analysis  results  are  inherently  traceable  due  to  its  matrix  structure.  Traceability  is 
further  enhanced  through  the  use  of  signal  and  assembly  mnemonics.  The  matrix 
structure, while enhancing traceability of the analysis, also provides the rigid
documentation discipline needed to allow multiple analysts to work on an FMEA
successfully.  The  Advanced  Matrix  Technique  has  the  ability  to  accommodate  the  use 
of  several  analysts  on  a  single  FMEA.  This  allows  the  analysis  to  be  completed  in  a 
time  frame  which  is  consistent  with  an  ongoing  design  program,  thus  helping  assure 
maximum  design  impact  from  the  analysis  results.  The  Advanced  Matrix  Technique  is 
presented  in  detail  in  section  6. 

3.4  FMEA  AUTOMATION  OVERVIEW 

The  Failure  Effects  and  Data  Synthesis  (FEADS)  automation  package  developed 
during  phase  two  of  the  study  is  a  comprehensive  computer  implementation  of  the 
Advanced  Matrix  Technique.  The  package  of  FORTRAN  programs  provides  a  user 
friendly  environment  conducive  to  easy  documentation  of  FMEA.  The  user  is  provided 
with  a  direct,  on-screen,  method  of  recording  circuit  analysis  results  during  the 
performance  of  FMEA.  Additionally,  the  automation  package  provides  the  user  with 
the  means  to  rapidly  obtain  previously  entered  analysis  material.  The  user  can  request 
any  of  four  different  assembly  level  analysis  outputs  and  seven  separate  system  analysis 
outputs.  The  FEADS  program  features  built-in,  on-line,  guidance  to  the  user  which 
allows an FMEA analyst to use the program after reading the user's manual. Formal
training in program use is not required. Overall, the FEADS automation package, which
is discussed in section 7, is a time and cost effective tool for performing FMEA.


SECTION  4 

COMPONENT  ACTIVITY 


As  a  part  of  the  Phase  II  study  activity,  an  attempt  to  identify  component  failure 
modes  and  their  rates  of  occurrence  was  made.  A  knowledge  of  component  failure 
modes  helps  ensure  that  all  potential  failures  are  considered  as  a  part  of  FMEA.  A 
knowledge  of  the  appropriate  rate  of  occurrence  for  each  component  failure  mode  is 
necessary  if  accurate  criticality  analysis  is  needed.  A  search  for  component 
information  sources  was  considered  appropriate  in  that  there  was  no  recognized  source 
for  the  needed  information  referenced  by  either  the  specification  standards  which  are 
relevant  to  FMEA,  or  by  the  technical  literature  on  FMEA. 

The  component  activity  was  divided  into  two  distinct  but  related  activities.  One  or 
more definitive sources of information on high usage piece-parts (capacitors, resistors,
etc.) were sought. The identification of such a source or sources would allow both the
appropriate  failure  modes  and  the  relevant  rates  of  occurrence  to  be  determined. 
Additionally,  sources  of  data  on  complex  microcircuit  failures  were  sought.  If 
sufficient  data  could  be  obtained,  the  possibility  of  characterizing  the  failure  modes  of 
complex microelectronic devices existed.

The  approach  taken  to  gathering  component  information  was  to  pursue  three 
possible  sources  of  information.  The  technical,  component  user,  community  was 
contacted  for  information,  the  available  technical  literature  was  searched  for  relevant 
information  and  for  references  to  sources  of  information,  and  a  sampling  of  component 
manufacturers  were  contacted  to  determine  what  information  could  be  provided  by 
them.  The  overall  approach  was  designed  to  allow  the  widest  visibility  into  any  existing 
sources  of  information. 

The  success  or  failure  of  the  search  for  component  information  depended  on  the 
identification  of  existing  data  bases  within  the  electronics  industry.  The  development 
of  new  data  bases  from  existing  programs  was  considered  to  be  beyond  the  scope  of  this 
study. A limited compiling and restructuring of existing data was considered reasonable
for  obtaining  complex  microelectronic  device  failure  mode  information  due  to  the  low 
probability  of  any  single  information  source  being  large  enough  for  the  purpose  of  this 
study. 

4.1 INDUSTRY SURVEY

The industry survey for component information performed during Phase II of the
FMEA study was an extension of the survey performed as a part of Phase I of the
study. During Phase I, a total of 190 questionnaires, as shown in Figure 2.3-1, were sent
to industry. A total of 95 responses to the survey were received. Of the 95 responses,
39 respondees indicated at least some component failure data (item IV on survey form).
Ten  respondees  indicated  that  their  companies  or  organizations  had  some  data  on 
complex  microcircuits. 

Each  organization  which  indicated  component  failure  mode  data  was  contacted  by 
telephone  and  questioned  regarding  the  type  and  amount  of  data  available.  This 
resulted in a total of five listings of high usage component failure modes and their
rates of occurrence being identified and obtained. All of the responses which indicated
that  companies  possessed  information  on  complex  microcircuit  failure  modes  resulted  in 
false  leads.  The  various  organizations  were  indicating  that  they  possessed  some  failure 
experience  on  a  few  complex  microelectronic  devices.  There  were  no  data  bases  for 
such  information. 

A  total  of  14  microelectronics  device  manufacturers  and  two  component  test 
laboratories  were  contacted  to  identify  relevant  data  sources  which  they  could  provide. 
The  component  test  laboratories  were  unable  to  provide  any  data  sources.  The 
component  manufacturers  had  a  significant  amount  of  information  available  on  the 
failure  mechanisms  (open  metalization,  etc.)  but  not  on  the  failure  modes  (short,  open, 
wrong value, etc.) associated with complex microelectronic devices. The lack of
information  was  not  surprising  since  the  component  manufacturing  industry  requires 
data  bases  for  process  control  purposes.  Process  control  requires  a  knowledge  of  failure 
mechanism  rather  than  failure  mode.  This  resulted  in  no  relevant  data  bases  for 
complex  microelectronic  device  failure  modes. 


4.2  LITERATURE  SEARCH 

A  search  of  the  technical  literature  on  component  failure  was  conducted  as  a  part 
of  the  attempt  to  find  relevant  component  failure  modes  and  their  associated  rates  of 
occurrence.  The  initial  search  of  the  technical  data  bases  identified  a  total  of  861 
candidate published materials for review. A review of the abstracts of the candidate
materials  resulted  in  95  items  of  potential  interest.  A  review  of  the  95  published  items 
of  interest  narrowed  the  list  of  directly  relevant  items  to  zero.  This  is  a  result  of  the 
industry  requiring  information  on  component  failure  mechanisms  rather  than  component 
failure  modes.  This  is  not  a  particularly  surprising  focus  of  interest  in  that  component 
failure mechanisms studies can suggest ways to improve the manufacturing processes
associated with components. Component failure modes are primarily of interest to
engineers  performing  FMEA. 


4.3  HIGH  USAGE  PARTS 


A  total  of  15  lists  of  high  usage  component  part  failure  modes  for  use  on  FMEA 
were  identified  through  the  industry  survey  and  through  Hughes  Aircraft  internal 
sources.  Once  duplications  between  the  received  lists  were  eliminated  a  total  of  ten 
lists  remained. 

Each  of  the  received  lists  was  reorganized  to  allow  direct  comparison  of  the  results 
by  component  type  and  failure  mode.  The  resultant  combination  of  lists  is  shown  in 
Table  4.  An  examination  of  the  table  reveals  a  lack  of  commonality  between  lists  with 
respect  to  components  considered,  and  the  rates  of  occurrence  found  for  each  failure 
mode. 

A  follow-up  investigation  into  the  sources  of  the  various  lists  was  conducted 
wherever the source could be identified. The results were that all ten lists shown were
from sources which could not be determined (i.e., lists which had been around the
various companies for a long time), or were the result of a Delphi process among the
engineers  at  the  particular  company,  or  were  from  published  sources  (AMCP  706-165) 
which  could  not  be  verified  at  the  source.  The  lack  of  consistency  between  lists 
suggests  that  there  is  too  little  information  available  in  the  component  failure  mode 
area  to  allow  a  Delphi  process  to  be  effective. 

The  lack  of  a  definitive  source  for  component  failure  mode  and  rate  of  occurrence 
data  represents  a  potential  problem  in  terms  of  FMEA  accuracy,  particularly  for 
criticality  analysis.  The  analyst  can  assume  short  and  open  failure  modes  for  all  types 
of  devices.  In  most  cases  there  are  other  failure  modes  that  potentially  should  be 
considered in the analysis; however, these modes are not well defined. The rates of
occurrence assumed for the various failure modes remain undefined. The best
suggestion available to those analysts performing FMEA under Government contract is
to use the list contained in AMCP 706-165 (column #1) to the extent possible. This list
is not known to be more accurate than any other list encountered. The list in AMCP
706-165 does, however, provide a traceable source for the data used.


4.4  COMPLEX  MICROELECTRONIC  DEVICES 

The  feasibility  of  categorizing  the  failure  modes  of  complex  microelectronic 
devices  based  on  their  failure  signature  at  the  output  pins  was  investigated  as  a  part  of 
the  components  effort.  The  approach  taken  was  to  survey  the  electronics  industry  for 
any  relevant  data  on  microelectronic  device  failure,  and  the  technical  literature  for 
information on failure patterns or failure experience with these devices, and then to
attempt  to  produce  a  categorization  scheme  based  on  the  failure  experience  base  of  the 
electronics  industry. 

The  survey  of  the  electronics  industry  produced  no  useable  compilations  of  data  on 
microelectronic  devices.  A  review  of  the  technical  literature  revealed  a  paucity  of 
information  on  failure  mode  and  rate  experience.  There  is,  however,  a  significant 
amount  of  data  on  failure  mechanisms  available,  but  there  is  not  a  one  to  one 
correspondence between failure mechanism and failure mode. As a result of the lack of
correspondence  between  the  available  information  on  failure  mechanism  and  the  needed 
failure  mode  information,  it  is  not  considered  feasible  to  categorize  the  failure  modes 
of  complex  microelectronic  devices  on  the  basis  of  their  failure  signature  at  the  output 
pins. 

If  the  electronics  industry  were  currently  to  begin  a  massive  data  collection  effort 
on  an  industry-wide  basis  to  form  a  pool  of  information  on  complex  microcircuit 
failures, the effort still might not produce a useable result. The complex microcircuits
currently in use are highly reliable, the data base required to produce meaningful
results is very large, and the rate at which complex microelectronic devices are made
technologically obsolete is relatively rapid. This combination of characteristics may
make any effort to reliably characterize complex device failure modes outdated prior
to its completion. The usefulness of this information for FMEA is heavily dependent on
its applicability to devices which are being actively used for new design. The advances
in component technology within the electronics industry which have characterized the
last decade or more may be occurring too rapidly for the FMEA technology on
component failure modes to keep abreast of the latest trends at a reasonable cost.

The  analyst  who  is  assigned  to  perform  a  piece-part  FMEA  on  modern,  complex 
circuitry, where complex microelectronics devices are used, is faced with a problem
which cannot readily be resolved. There is currently no method to ensure that all
potential failure modes of the component are analyzed. The analyst can consider the
short, open, and stuck-at-high impedance failure modes as they apply at each output pin
and possible combinations of output pins. This is expected to be less than satisfactory
in most cases and may be impossible where very complex devices such as microprocessors
are considered due to the number of possible conditions which must be
considered.

The  only  reasonable  solution  to  the  problem  created  by  the  lack  of  failure  mode 
categorization  for  complex  microelectronic  devices  is  to  limit  the  performance  of 
FMEA  to  a  higher  level  of  indenture  than  piece-part  when  such  devices  are  used.  This 
approach  may  not  seem  ideal  in  terms  of  the  depth  of  the  analysis,  but  it  will  ensure 
that  all  potential  failure  modes  are  examined  at  the  higher  levels  of  indenture,  thus 
eliminating  the  need  for  the  piece  part  level  of  detail. 

TABLE 4. HIGH USAGE COMPONENT FAILURE MODES AND PERCENTAGES OF OCCURRENCE


SECTION  5 

GENERAL  FMEA  CONSIDERATIONS 


This section provides a general discussion of some FMEA related topics.
The topics discussed are independent of the specific technique utilized in
performing  the  FMEA  and  do  not  provide  specific  information  on  areas  related  to  the 
application  of  the  standardized  technique. 

An  FMEA  is  a  hardware-based  analysis  of  the  effects  of  failure  on  an  end  item 
equipment  or  system  at  each  successive  level  of  hardware  indenture.  The  analysis 
proceeds concurrent with the hardware design program, becoming increasingly complex
as the specific design detail becomes available. The final analysis is a bottom-up
evaluation of the effects of each discrete possible failure at every level of hardware
indenture. The analysis has traditionally been limited to single point failures.

A  carefully  performed  FMEA  provides  the  necessary  information  to  support  a 
wide  range  of  engineering  specialty  disciplines.  The  FMEA  has  traditionally  been  used 
to  provide  reliability  and  safety  information  during  the  design  process.  The  analysis  can 
also  support  maintainability  analysis  in  accordance  with  MIL-HDBK-472,  Procedure  5, 
built-in-test effectiveness evaluations, testability evaluation, and provide an
information  source  for  evaluating  the  logistics  supportability  of  the  design.  The  use  of 
an  FMEA  as  a  baseline  for  multi-discipline  analyses  requires  that  one  or  more  highly 
skilled  analysts  perform  the  FMEA.  The  analyst  performing  the  FMEA  will  need  to 
either  be  skilled  in  design  engineering,  reliability,  safety,  maintainability,  human 
factors,  and  integrated  logistics  or  have  access  to  and  support  from  individuals  with  the 
necessary  technical  background. 

5.1  FMEA  PROGRAM  PHASING 

The performance of an FMEA concurrent with the design program is crucial. The
analysis needs to produce continuous interim results which can cause design changes at
an optimum point during the design. An FMEA which is performed at the conclusion of
a design program may have little impact. Incorporating the results of a late FMEA can
be  cost-prohibitive  for  all  but  the  most  severe  problems  discovered  by  the  analysis. 


An  FMEA  should  almost  never  be  the  analysis  of  choice  for  existing  systems  and 
equipment.  The  mandated  performance  of  an  FMEA  on  an  existing  equipment  under  a 
Government  contract  can  potentially  produce  a  biased  document.  The  FMEA  may  be 
used  either  to  justify  the  already  made  design  decisions  or  as  justification  for  a  redesign 
contract  at  a  profit  for  the  contractor.  An  FMEA  should  be  considered  for  an  existing 
equipment only when the equipment history indicates that a major redesign program is
required.  The  FMEA  can  be  used  in  these  cases  to  provide  scope  and  direction  to  the 
redesign  program. 


5.1.1  PROGRAM  PHASES 

The  program  phases  discussed  in  this  section  are  presented  in  terms  of  a  military 
procurement.  There  should  be  a  one-to-one  correspondence  between  a  commercial 
program and a military procurement. The major differences are: (1) there are no
formal  dividing  points  between  program  phases  and  (2)  the  equipment  is  usually  designed 
in  response  to  the  demands  of  the  marketplace  rather  than  to  a  formal  specification 
issued  by  the  end  user.  The  four  phases  of  the  normal  military  procurement  cycle  are 
discussed  below. 


5.1.1.1 Conceptual Phase

During the conceptual phase of a design program, equipment needs or
requirements in overall terms are decided. Decisions such as whether to use an aircraft
or a missile for a specific defined mission requirement are resolved along with the
development of general capabilities requirements for the selected equipment. An
FMEA does not have any general applicability during this phase.


5.1.1.2 Validation Phase

During  the  validation  phase,  the  general  requirements  defined  during  the 
conceptual  phase  are  further  refined  to  produce  specific  system  and  subsystem 
requirements. This phase may include some limited hardware design to assess the
feasibility  of  requirements  with  respect  to  existing  technology.  The  validation  phase 
will  result  in  detailed  system  and  subsystem  specifications  to  be  utilized  in  designing 
hardware  during  the  Full-Scale  Engineering  Development  (FSED)  phase. 

An  FMEA  is  not  generally  applicable  during  the  validation  phase.  The  analysis 
can,  however,  be  used  to  help  assess  the  safety  and  reliability  features  of  the  limited 
hardware design which sometimes occurs during the validation phase.

There  are  numerous  tradeoffs  in  design  options  which  occur  during  this  phase. 
While  an  FMEA  is  not  directly  applicable  to  these  tradeoffs,  the  FMEA  requirements  of 
a  program  can  be  significantly  impacted.  During  the  validation  phase  the  information 
necessary  to  identify  items  or  functions  which  are  inherently  safety  critical  should  be 
determined. 


5.1.1.3 Full-Scale Engineering Development Phase

The  FSED  phase  of  a  design  program  is  characterized  by  the  development  of 
detailed  hardware  design  solutions  to  the  system,  subsystem,  and  equipment 
requirements  defined  during  the  validation  phase  of  a  program.  The  FSED  phase 
progresses  from  conceptual,  block  diagram  approaches  to  detailed  hardware  designs  and 
the  development  and  test  of  engineering  prototype  equipment. 

The  FSED  phase  has  several  major  program  milestone  points  uniquely  associated 
with it:

•  Preliminary  Design  Review  (PDR)  -  The  PDR  milestone  is  usually  held  at  a 
relatively  early  point  in  the  design  process.  The  purpose  of  the  PDR  is  to 
review  conceptual  design  approach  at  a  block  diagram  level  to  ensure  that 
the  conceptual  approach  selected  is  capable  of  achieving  the  necessary 
performance  requirements. 

•  Critical  Design  Review  (CDR)  -  The  CDR  milestone  typically  is  scheduled  at 
the  end  of  the  conceptual  or  paper  design  time  frame.  The  purpose  of  the 
CDR  is  to  review  the  detailed  design  approaches  used  to  satisfy  the 
equipment  performance  requirements.  Engineering  prototype  equipment  is 
not  usually  available;  however,  most  of  the  hardware  solutions  presented  have 
been at least partially validated in engineering breadboard configurations.

• Qualification Testing - Qualification testing of engineering prototype
equipment occurs during the final segment of the FSED phase. One or more
prototype equipments are subjected to the appropriate testing to ensure that
the final, integrated hardware design will perform adequately in its intended
environment.

The FSED phase concludes with the successful completion of qualification testing. The
hardware design has been proven and is ready to enter production.

The  FSED  phase  is  usually  the  period  of  the  most  intense  FMEA  activity.  The 
analysis  is  iteratively  performed  during  this  period.  The  analysis  proceeds  in  increasing 
detail  as  the  hardware  design  progresses.  The  ongoing  analysis  is  used  as  an  information 
source to provide design feedback on the reliability, safety, maintainability, and testability
impacts of the design approaches taken. The timely performance of an FMEA
during FSED is important to ensure maximum design impact. An FMEA performed late
in the FSED phase of a program can result in an expensive CDRL item which contributes
little to the design itself due to the high cost of implementing design changes.

5.1.1.4 Production Phase

The  production  phase  of  a  program  is  the  final  phase,  where  production  hardware 
is  produced  for  delivery  to  a  customer.  The  basic  design  of  an  equipment  remains  fairly 
constant  throughout  this  phase  but  is  subject  to  modification  to  provide  better 
productivity,  easier  assembly,  better  availability  of  parts,  and  some  performance 
enhancements.  The  early  production  period  is  usually  characterized  by  frequent 
changes.  The  number  of  changes  gradually  reduces  as  production  continues  and  an 
optimal producibility point is approached.

The  primary  FMEA  activity  (if  any)  during  the  production  phase  of  a  program 
consists  of  updating  for  design  changes.  The  FMEA  which  was  produced  during  the 
FSED  phase  can  be  continually  updated  to  reflect  design  changes  allowing  use  as  a 
baseline  document  to  assess  the  reliability,  maintainability,  safety,  and  testability 
impact  of  proposed  changes. 

5.2 FMEA ACTIVITY OVERVIEW

FMEA  activity  usually  starts  in  the  very  late  validation  phase  or  early  FSED  phase 
and  continues  as  an  integrated  program  element  throughout  the  design  program.  It  can 
then be used until production is complete, as shown in Figure 2. This requires that various
approaches to the FMEA be used which are compatible with the design program phase.

Figure 2. Development Program Time Line

The FMEA effort during late validation phase should focus on the identification
and tradeoff of inherently critical functions for design control. The identification of
inherently critical functions is a part of the system engineering process and involves an
iterative tradeoff process with respect to all areas of design. The task of determining
criticality for subsystems is often not straightforward and usually involves a number of
compromises between various subsystem elements with respect to performance versus
redundancy. As an example:

During the initial design of an aircraft, it is decided to use TACAN for area
navigation information. The TACAN is to supply range and bearing information to an
on-board computer for use in position determination and aircraft guidance control over
a redundant serial bus structure in digital format. Erroneous aircraft position
determination is an inherently critical item. The failure of a single navigation aid is
not generally critical as other equipments supply redundant information. The design
approach to position determination (TACAN) allows several different approaches which
will affect the severity classification of failures of the on-board equipment which is
being designed:

•  Approach  No.  1:  Install  one  TACAN  on  board  the  aircraft  which  is  in  direct 
dialog  with  the  computer.  The  TACAN  is  then  backed  up  by  an  additional 
navigation  aid  (non-TACAN)  which  can  be  used  by  the  pilot  to  determine 
position. This approach requires that the TACAN built-in-test circuitry be
extremely  effective.  It  has  the  potential  to  adversely  impact  cost  and 
schedule.  This  also  requires  that  built-in-test  failures  be  treated  as 
inherently  critical  by  the  TACAN  manufacturer  during  design. 

•  Approach  No.  2:  Install  more  than  one  TACAN  and  compare  the  range  and 
bearing  outputs  in  a  voting  arrangement.  This  approach  will  effectively 
prohibit  the  acceptance  of  incorrect  information  due  to  TACAN  failures 
eliminating  the  need  for  an  inordinately  effective  built-in-test  arrangement. 
The  inherent  disadvantage  of  this  approach  is  that  multiple  TACANs  must  be 
purchased  at  an  increased  cost  and  the  space  for  additional  avionics  packages 
may  not  be  available. 

•  Approach  No.  3:  Install  one  TACAN  with  a  fairly  effective  Built-in-Test 
(BIT)  capability  and  perform  a  computer  check  on  the  range  and  bearing 
information  received  with  respect  to  the  last  data  received.  The  comparison 
of  readings  would  allow  the  on-board  computer  to  effectively  perform  a  BIT 
which  would  be  capable  of  detecting  gross  failures.  Gross  failures  normally 
produce  range  or  bearing  differentials  which  exceed  the  aircraft  performance 
capabilities. The inherent disadvantage of this approach is that temporary
transients which affect the TACAN readings would potentially have to be
treated  as  failures,  causing  a  high  false  alarm  rate. 
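The computer check described in Approach No. 3 can be sketched as follows. This is an added example, not code from the report: the maximum speed, noise allowance, confirmation count and all readings are constructed assumptions, and the confirmation count goes slightly beyond the text to show the false-alarm versus detection-delay trade the approach implies.

```python
"""Reasonableness check on successive TACAN fixes (Approach No. 3)."""
import math
from typing import List, NamedTuple, Sequence


class Fix(NamedTuple):
    t_s: float          # time of the reading, seconds
    range_nm: float     # range to the station, nautical miles
    bearing_deg: float  # bearing to the station, degrees


def to_xy(fix: Fix):
    """Position relative to the station (flat earth, altitude ignored: assumption)."""
    theta = math.radians(fix.bearing_deg)
    return fix.range_nm * math.sin(theta), fix.range_nm * math.cos(theta)


def implausible(last_good: Fix, new: Fix, max_speed_kt: float,
                noise_nm: float = 0.2) -> bool:
    """True if the aircraft could not have moved this far since the last good fix.

    Displacement is compared instead of raw range/bearing deltas because the
    bearing legitimately swings through 180 degrees when passing the station.
    """
    dt_h = (new.t_s - last_good.t_s) / 3600.0
    if dt_h <= 0:
        return True  # stale or out-of-order data
    (x0, y0), (x1, y1) = to_xy(last_good), to_xy(new)
    return math.hypot(x1 - x0, y1 - y0) > max_speed_kt * dt_h + noise_nm


def monitor(fixes: Sequence[Fix], max_speed_kt: float, confirm: int = 1) -> List[int]:
    """Return the sample indices at which a TACAN failure is declared.

    confirm=1 declares a failure on the first implausible reading, so a
    one-sample transient becomes a false alarm. A larger value (hypothetical
    tuning parameter) suppresses transients at the cost of detection delay.
    """
    if not fixes:
        return []
    declared: List[int] = []
    last_good, streak = fixes[0], 0
    for i, fix in enumerate(fixes[1:], start=1):
        if implausible(last_good, fix, max_speed_kt):
            streak += 1
            if streak == confirm:
                declared.append(i)
        else:
            streak, last_good = 0, fix
    return declared


def _track(ranges):
    """Constructed one-second samples, inbound on a constant 090 bearing."""
    return [Fix(float(i), r, 90.0) for i, r in enumerate(ranges)]


# Constructed data: about 480 kt closure, one-sample spike vs. a stuck wrong output.
TRANSIENT = _track([50.00, 49.87, 49.74, 62.00, 49.48, 49.35])
GROSS = _track([50.00, 49.87, 49.74, 12.00, 12.00, 12.00, 12.00])

if __name__ == "__main__":
    for label, data in (("transient", TRANSIENT), ("gross failure", GROSS)):
        for n in (1, 3):
            print(f"{label:14s} confirm={n}: declared at {monitor(data, 600.0, n)}")
```

With `confirm=1` both tracks raise an alarm at the same sample, which is the false-alarm problem the bullet describes; with `confirm=3` the transient is ignored and the gross failure is declared two samples later.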

The  results  of  each  system  engineering  tradeoff  will  determine  the  inherent  level 
of  severity  for  the  various  subsystem  functions.  These  severity/safety  considerations 
will then affect the FMEAs performed at the system level and at each succeeding level
of hardware indenture. In the example given, Approach No. 2 would effectively
preclude  the  need  for  a  TACAN  FMEA,  while  Approach  No.  1  would  require  that  an 
FMEA,  potentially  to  a  piece-part  level  of  detail,  be  performed  for  the  TACAN. 

The results of these system engineering decisions must be available to an engineer
who is performing an FMEA for determination of failure severity. The necessary
system design tradeoff information is best transferred to subsystem design groups
through a conference approach between the responsible system engineering group (often a
Government agency or major contractor) and the responsible subsystem design group
(often a subcontractor). The initial conference should take place at the end of the
validation  phase  or  at  the  start  of  the  FSED  phase  and  prior  to  the  start  of  detailed 
hardware  design  for  the  system  and  subsystems.  This  will  allow  an  early  identification 
of  critical  areas  for  design  control  and  will  allow  FMEA  to  focus  on  those  design 
attributes  which  are  inherently  safety  related. 


5.3  FMEA  ACTIVITY  IN  FULL-SCALE  ENGINEERING  DEVELOPMENT 


Formal  FMEA  activity  should  commence  concurrent  with  the  start  of  hardware 
design.  This  is  normally  the  beginning  of  the  FSED  phase.  FMEA  activity  during  the 
FSED should be fairly intensive and closely follow the ongoing design program. The
accomplishment  of  FMEA  activity  coincident  with  the  design  process  is  extremely 
important  if  maximum  benefit  is  to  be  gained  from  the  activity. 

During  the  early  FSED  phase  which  occupies  the  time  frame  from  the  start  of 
FSED until a PDR time frame, FMEA efforts should proceed at a block diagram level.
Design guidelines and criteria identifying the system and/or subsystem failure modes
which are inherently of severity Category I (catastrophic) or Category II (critical)
should be issued as early as possible. As the tentative system/subsystem partitioning is
identified, individual guidelines for avoiding Category I and II failure effects should be
tailored for each of the identified hardware subdivisions. The hardware design
identifies the approach which will be taken at a block diagram level. The FMEA should
be performed at this level, and the results should be used to judge the acceptability of
the proposed approach with respect to resolving the inherent potential for Category I
and II failures. Additionally, initial guidelines on indicators, test points, and BIT should
be generated as a part of the FMEA activity, so that testability and failure
detectability are considered an integral part of the design. The results of the early
FMEA  activity  and  proposed  solutions  to  any  problems  should  be  presented  at  the  PDR. 

During  the  PDR  or  a  closely  coincident  time  frame,  an  FMEA  conference  should 
be  held.  This  conference  will  allow  a  thorough  review  of  early  FMEA  activity  and  a 
tailoring  of  further  FMEA  effort  to  be  agreed  upon.  The  conference  should  produce  an 
agreement  on  basic  failure  criticality  considerations  and  allow  the  transfer  of  needed 
information  between  the  responsible  FMEA  engineer  and  the  customer's  organization. 

It  is  not  unusual  for  subsystem  and  equipment  manufacturers  to  have  a  very  limited 
knowledge  of  the  larger  system  into  which  the  equipment  will  be  installed.  This  can 
result  in  potentially  hazardous  failure  conditions  being  overlooked.  On  Government 
programs,  the  information  necessary  to  make  failure  categorization  decisions  based  on 
system  effect  may  be  classified.  A  PDR  time  frame  conference  provides  an 
appropriate  forum  for  the  transfer  of  such  classified  information  while  allowing  a  need 
to  know  to  be  firmly  established. 

During the period between PDR and CDR, the majority of formal FMEA occurs.
The FMEA should be performed at successive levels of indenture coincident with the
hardware design development. In general, the FMEA should be performed at as high an
indenture level as is possible while ensuring that any potential Category I or II failures
are identified and eliminated or controlled to the maximum extent possible. This will
usually require that circuits which can potentially experience Category I or II failures
be analyzed to the piece-part level; however, this level of detail should not generally be
required for circuitry whose failure can cause only Category III or IV failure effects. If
the FMEA is to be accomplished in a cost-effective manner the guidance of
MIL-STD-785B should be followed:

"FOR  BASIC  RELIABILITY,  DO  NOT  ANALYZE  BELOW  THE 
LEVEL  AT  WHICH  A  FAILURE  WILL  CAUSE  A  DEMAND  FOR 
MAINTENANCE,  REPAIR,  OR  LOGISTICS  SUPPORT.  FOR 
MISSION RELIABILITY, DO NOT ANALYZE BELOW THE LEVEL
NECESSARY TO IDENTIFY MISSION CRITICAL FAILURES."

The  only  time  that  an  FMEA  at  a  piece-part  level  of  detail  is  justified  for  an 
entire  equipment  is  when  either  all  the  circuitry  being  analyzed  has  the  potential  for 
causing Category I and II failure effects or when a sufficiently high percentage of the
circuitry being analyzed requires piece-part level analysis. This makes analysis at a
piece-part level of the remaining circuitry a cost-effective alternative to supplementing
the FMEA with other analysis methods of generating maintainability, reliability, and
testability  information. 

The  FMEA  which  is  performed  during  the  FSED  phase  between  PDR  and  CDR 
should  also  be  used  to  optimize  the  maintainability  and  testability  of  the  design.  The 
ambiguity  information  required  for  maintainability  analysis  in  accordance  with 
MIL-HDBK-472  Procedure  5  should  be  available  as  a  part  of  the  analysis. 

At  CDR  or  at  a  conference  held  in  a  corresponding  time  frame,  the  final  FMEA 
should  be  reviewed  for  accuracy  and  completeness.  The  final  resolution  of  all  potential 
Category I and II failures should be reviewed, and an agreement on the safety and
fitness  of  the  final  design  should  be  reached.  The  failure  modes  and  effects  data  can 
then  become  a  baseline  document  to  be  used  in  assessing  the  impact  of  proposed 
changes  to  the  system  reliability,  maintainability,  safety,  and  testability 
characteristics.  Formal  data  delivery,  if  required,  should  be  scheduled  for  the  period 
following  CDR. 

During  the  qualification  test  period,  the  FMEA  can  be  used  for  assessing  design 
changes  in  response  to  observed  test  failures.  The  FMEA  can  be  updated  to  reflect  any 
design  changes  which  are  implemented  as  a  result  of  the  testing.  Additionally,  the 
results  of  qualification  testing  failures  can  be  used  to  validate  the  results  of  the  paper 
FMEA  analysis.  When  formal  data  delivery  has  been  required  on  a  contract,  an  update 
of  the  FMEA  document  can  be  required  at  the  completion  of  all  qualification  testing. 
The  final  FMEA  update  completes  the  FMEA  requirements  for  the  FSED  phase  and 
provides  an  analysis  baseline  for  the  production  equipment. 

5.4  FMEA  ACTIVITY  DURING  PRODUCTION 

During  the  production  phase  of  a  program  the  FMEA  can  be  used  as  a  baseline 
document  for  evaluating  the  reliability,  maintainability,  safety,  and  testability  impact 
of proposed changes. When the FMEA is used as a baseline document, the data should
be  updated  periodically  to  reflect  any  implemented  design  change  activity.  As  a 
minimum  the  FMEA  should  be  formally  updated  on  Government  programs  concurrent 
with  the  implementation  of  any  Class  I  engineering  change  proposal. 


5.5  FMEA  PROCUREMENT  APPROACH 

An  FMEA  is  usually  specified  as  a  formal,  deliverable  item  only  on  Government 
procurements.  The  current  methods  used  to  specify  the  analysis  have  the  potential  for 
producing  less  than  optimum  results  in  terms  of  both  analysis  cost  and  benefit  received. 

An  FMEA  is  usually  specified  by  the  Government  within  the  contractual 
Statement  of  Work  (SOW).  The  most  common  method  used  is  to  specify  the  FMEA  in 
accordance  with  a  Contract  Data  Requirements  List  (CDRL)  item  and  at  a  specific 
level  of  detail,  often  piece-part.  The  specification  of  level  of  detail  for  an  FMEA  prior 
to  the  point  where  some  design  visibility  is  available  can  result  in  a  worst  case  level  of 
detail  being  specified  to  ensure  that  the  analysis  is  performed  at  an  adequate  level  of 
detail. This can result in large increases in FMEA cost without a matching increase in
analysis benefit. The FMEA is normally required to be a review topic at design
reviews.  Formal  data  delivery  in  accordance  with  the  CDRL  is  usually  30  to  90  days 
after  critical  design  review.  The  procurement  process  needs  to  ensure  that  the  FMEA 
cannot  be  treated  primarily  as  a  CDRL  item  instead  of  a  design  analysis  tool. 

A  refinement  of  the  procurement  techniques  currently  in  use  can  help  ensure 
maximum  benefit  from  the  analysis  while  controlling  cost.  The  primary  changes 
suggested  are  to  specify  that  the  final  level  of  detail  for  the  analysis  will  be  decided  at 
approximately  a  PDR  time  frame  and  to  include  a  guidance  conference  and  at  least  one 
review  conference  as  a  part  of  the  FMEA  process.  Two  conferences  should  provide  the 
minimum  guidance  and  review  necessary  to  help  ensure  that  an  optimum  cost  benefit 
point  is  achieved. 

The  initial  guidance  conference  should  be  scheduled  for  a  PDR  time  frame.  This 
conference  will  allow  any  needed  information  to  be  provided  and  allows  the  necessary 
level  of  analysis  detail  to  be  determined  after  some  hardware  design  visibility  is 
available.  The  later  specifications  of  level  of  detail  can  be  used  to  help  ensure  that  the 
analysis  is  tailored  to  achieve  the  necessary  program  requirements  while  controlling  the 
costs  which  can  be  incurred  if  the  required  level  of  detail  is  over  specified.  The  PDR 
time  frame  conference  also  allows  for  review  of  early  FMEA  efforts  and  results.  This 
should  reduce  the  potential  for  the  analysis  being  treated  strictly  as  a  CDRL  item. 

A  review  conference  should  be  scheduled  in  a  CDR  time  frame.  This  conference 
will  allow  FMEA  progress  and  results  to  be  monitored  early  enough  in  the  program  to  be 
effective. Final hardware design approach approval usually occurs following the CDR.
The implementation of changes based on the FMEA after design approach approval is
difficult. 

If  a  conference  approach  to  FMEA  specification  and  control  is  used,  it  needs  to  be 
structured  to  prevent  abuses  by  contractor  organizations.  This  will  require  that  any 
FMEA  be  bid  as  a  part  of  the  proposal  process,  during  the  competitive  part  of  the 
procurement  process.  The  FMEA  bid  submitted  as  a  part  of  a  proposal  where  a 
conference  type  approach  is  used  will  need  to  be  more  detailed  than  has  traditionally 
been required. The initial bid can then be used during the initial guidance conference as
a  basis  for  cost  recovery  by  the  Government.  The  contractor  should  be  precluded  from 
changing  his  baseline  bid  or  negotiating  the  contract  value  upward  as  a  result  of  the 
technical  decisions  made  during  the  guidance  conference.  The  inclusion  of  the 
necessary  controls  in  the  SOW  and  contract  should  not  impose  any  unusual  difficulty. 

The  use  of  guidance  and  in-process  conferences  would  be  new  to  the  FMEA 
process  but  not  to  Government  procurement  practices.  A  very  similar  set  of 
conferences  is  routinely  used  for  provisioning,  technical  manuals,  and  logistics  support 
analysis  with  positive  results. 

5.6  FAILURE  SEVERITY  CATEGORIZATION 

The assignment of severity classifications to the failures considered during an
FMEA can be difficult. The assignment of correct classification to an equipment
failure  requires  that  the  analyst  be  thoroughly  familiar  with  the  equipment,  the  system 
into  which  it  will  be  installed,  possible  missions  and  conditions  under  which  the 
equipment  may  be  used,  and  the  potential  for  human  error  contribution.  There  is  not 
always  universal  agreement  between  analysts  as  to  the  proper  categorization  of  each 
failure.  As  a  general  rule,  if  the  analyst  is  unable  to  determine  which  of  two  possible 
failure  classifications  is  correct  for  a  given  failure,  the  more  severe  classification 
should be used. The failure severity classifications provided by MIL-STD-1629 are:

• Category I - Catastrophic - A failure which may cause death or weapon
system loss (i.e., aircraft, tank, missile, ship, etc.).

• Category II - Critical - A failure which may cause severe injury, major
property damage, or major system damage which will result in mission loss.

• Category III - Marginal - A failure which may cause minor injury, minor
property damage, or minor system damage which will result in delay or loss
of availability or mission degradation.

•  Category  IV  -  Minor  -  A  failure  not  serious  enough  to  cause  injury,  property 
damage,  or  system  damage,  but  which  will  result  in  unscheduled  maintenance 
or  repair. 

An  FMEA  is  usually  not  performed  below  the  level  of  detail  necessary  to  ensure 
that a given circuit can only produce Category III or IV failures. The FMEA generally is
continued to a piece-part level of detail for Category I and II failures. The Category I
and  II  failures  comprise  three  basic  types: 

•  Direct  Physical  Hazard  -  This  type  of  failure  causes  a  direct  physical  hazard 
upon  its  occurrence.  The  types  of  hazards  and  the  necessary  controls  are 
defined in MIL-STD-454, Requirement 1.

•  Functionally  Inherent  Hazards  -  This  type  of  failure  causes  a  significant 
hazard  by  failing  in  a  basic  function  of  its  purpose.  This  is  characteristically 
a  failure  of  a  control  or  guidance  function  involved  in  an  inherently 
safety-related  process. 

•  Human  Error  Contributory  Hazard  -  This  type  of  failure  presents  a 
potentially  hazardous  situation  where  human  recognition  and/or  response  is 
critical  to  the  degree  of  hazard  actually  occurring  as  a  result  of  the  failure. 

Those  failures  which  constitute  the  direct  physical  hazard  type  are  generally  easy 
to  recognize  and  to  design  adequate  compensation  for.  The  degree  of  hazard 
represented by the functionally inherent and human error contributory types of hazards
is more difficult to recognize and provide compensation for.

Any  failure  which  causes  the  loss  of  a  functionally  critical  equipment  parameter 
should  be  analyzed  thoroughly  for  possible  system  safety  impact.  All  single  point 
failures which can cause a Category I or II failure of a functionally inherent type should
be  designed  out  of  the  equipment  through  the  use  of  selective  redundancy,  or  by 
ensuring  that  the  failure  is  automatically  detected  by  BIT  circuitry  and  that  adequate 
compensation  has  been  provided.  The  FMEA  analyst  should  ensure  that  any  BIT 
circuitry  used  to  detect  functionally  inherent  hazards  has  been  designed  to  fail  in  an 
alarm  condition  (fail-safe). 


The  number  of  human  error  contributory  type  failures  should  be  minimized  by 
design,  and  the  use  of  automatic  compensation  for  these  failure  types  should  be 
considered  wherever  practical.  When  the  use  of  automatic  compensation  is  not 
practical,  the  FMEA  analyst  should  ensure  that  the  proposed  design  is  carefully 
analyzed  by  human  engineering  specialists  and  that  their  recommendations  are 
incorporated  into  the  design  so  that  an  optimum  man-machine  interface  results. 
Additionally,  the  analyst  should  ensure  that  all  relevant  material  concerning  the  hazard 
is  included  in  all  training  courses  and  technical  manuals.  A  discussion  of  the  potential 
hazard  should  be  included  in  the  FMEA  document  and  be  discussed  at  design  reviews  and 
FMEA  conferences.  In  assigning  failure  classification  to  this  type  of  failure  the  analyst 
should  assume  that  the  human  will  make  a  worst  case  error. 


5.7  MAINTAINABILITY  AND  TESTABILITY  INFORMATION 

A  significant  amount  of  the  information  necessary  to  perform  maintainability 
analysis  in  accordance  with  MIL-HDBK-472  Procedure  5  and  to  assess  the  testability 
adequacy  of  an  equipment  is  developed  as  a  part  of  the  FMEA.  This  information,  while 
available  in  an  FMEA,  is  usually  not  easy  to  extract  from  the  documented  results.  This 
difficulty  is  caused  by  both  the  format  of  the  information  presented  and  by  the 
information  itself. 

In  order  to  allow  the  maximum  useability  of  the  FMEA  results  for  maintainability 
and  testability  analysis,  the  equipment  indicators  and  accessible  test  points  need  to  be 
considered  as  distinct  outputs  during  the  analysis.  The  maintainability  and  testability 
information  which  can  then  be  extracted  from  the  analysis  is  in  the  form  of  failure 
symptoms available at each level of indenture. The most critical parameter to be
considered for maintainability and testability purposes is the level of ambiguity which
exists at each maintenance level with respect to the failure effect under consideration.
This results in a tracking of the failure symptomology as it is shown in meters,
indicators, alarms, accessible test points, and possible causes. This information can
then be used to recommend additional indicators, test points, etc., where they are
necessary  to  allow  isolation  between  possible  causes. 

If sufficient accessible test points, indicators, etc. are used in a piece of
equipment to isolate a given failure effect or symptom to the failed LRU, then that
failure effect has an ambiguity level of one with respect to LRU isolation. If the same
failure effect or symptom is isolatable to two possible SRUs, then the failure effect has
an ambiguity level of two with respect to SRU isolation. This would indicate the need
for  additional  test  points  which  are  accessible  to  the  maintenance  technician  for  SRU 
isolation.  An  ambiguity  level  of  two  or  greater  usually  results  in  increased  maintenance 
labor  hour  requirements,  and  increased  demands  on  the  logistic  support  systems. 
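The ambiguity level described above can be computed directly from FMEA records once indicators and test points are recorded as distinct outputs. The following is an added example, not part of the report: the record layout, unit names, test point names and readings are all constructed assumptions.

```python
"""Ambiguity level per symptom signature, derived from FMEA records."""
from collections import defaultdict
from typing import Dict, FrozenSet, NamedTuple, Sequence, Set, Tuple

Signature = FrozenSet[Tuple[str, str]]


class FailureMode(NamedTuple):
    name: str
    lru: str                  # line replaceable unit containing the failed item
    sru: str                  # shop replaceable unit containing the failed item
    symptoms: Dict[str, str]  # indicator or test point -> abnormal reading
    # Assumption: anything not listed in `symptoms` reads normal for this mode.


def ambiguity_groups(modes: Sequence[FailureMode], level: str,
                     observable: Set[str]) -> Dict[Signature, Set[str]]:
    """Group candidate units (level = 'lru' or 'sru') by what the technician sees.

    Only indicators and test points in `observable` are accessible at this
    maintenance level, so symptoms outside that set cannot separate causes.
    """
    groups: Dict[Signature, Set[str]] = defaultdict(set)
    for mode in modes:
        signature = frozenset(
            (point, reading) for point, reading in mode.symptoms.items()
            if point in observable)
        groups[signature].add(getattr(mode, level))
    return dict(groups)


def worst_ambiguity(modes, level, observable) -> int:
    """Largest number of candidate units sharing one observable signature."""
    return max(len(units)
               for units in ambiguity_groups(modes, level, observable).values())


def best_added_test_point(modes, level, observable, candidates):
    """Pick the candidate test point that gives the lowest worst-case ambiguity.

    Returns (test point name, worst ambiguity level after adding it).
    Ties are broken alphabetically.
    """
    scored = [(worst_ambiguity(modes, level, set(observable) | {c}), c)
              for c in sorted(candidates)]
    worst, name = min(scored)
    return name, worst


# Constructed FMEA extract for a hypothetical receiver and display.
MODES = [
    FailureMode("A1 +5 V regulator open", "RCVR", "A1",
                {"FAULT_LAMP": "on", "TP1_5V": "0 V", "TP2_IF": "no signal"}),
    FailureMode("A2 IF amplifier no gain", "RCVR", "A2",
                {"FAULT_LAMP": "on", "TP2_IF": "no signal"}),
    FailureMode("A3 detector diode short", "RCVR", "A3",
                {"FAULT_LAMP": "on"}),
    FailureMode("D1 display driver open", "DISPLAY", "D1",
                {"DISPLAY": "blank"}),
]
RCVR_MODES = [m for m in MODES if m.lru == "RCVR"]

if __name__ == "__main__":
    print("LRU isolation, front panel only:",
          worst_ambiguity(MODES, "lru", {"FAULT_LAMP", "DISPLAY"}))
    print("SRU isolation, lamp + TP2_IF:",
          worst_ambiguity(RCVR_MODES, "sru", {"FAULT_LAMP", "TP2_IF"}))
    print("Recommended addition:",
          best_added_test_point(RCVR_MODES, "sru",
                                {"FAULT_LAMP", "TP2_IF"}, {"TP1_5V"}))
```

In the constructed data the front-panel indicators isolate to the LRU with an ambiguity level of one, while SRU isolation stays at two until the extra test point is made accessible.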

The  extraction  of  maintainability  and  testability  data  from  the  FMEA  at  the 
piece-part  level  is  generally  not  productive.  Piece-part  repair  is  accomplished  at  depot 
maintenance  facilities  using  specialized  test  fixturing.  Also,  depot  level  technicians 
can  usually  access  component  mounting  pads  directly  which  eliminates  the  need  for 
additional  test  points.  However,  if  the  equipment  under  analysis  contains  depot 
repaired  SRUs  which  are  modules  containing  multiple  circuit  cards,  the  ability  to 
isolate  to  the  failed  circuit  card  utilizing  test  points  should  be  evaluated. 

When  an  FMEA  is  performed  in  a  time  frame  consistent  with  a  design  program, 
the  maintainability  and  testability  information  being  developed  as  a  part  of  the  process 
should  be  used  to  ensure  the  inclusion  of  needed  test  points,  indicators,  etc.  in  the  final 
design.  This  will  help  ensure  that  the  finished  design  has  adequate  testability 
characteristics  with  minimum  maintenance  manhour  and  logistic  support  requirements. 

5.8  HUMAN  ENGINEERING  CONSIDERATIONS 

The  evaluation  of  the  human  factors  adequacy  of  a  proposed  design  is  an  integral 
part  of  the  FMEA  process  for  most  equipment.  Almost  all  large  systems  require  one  or 
more man-machine interfaces. The adequacy of those interfaces can be a significant
factor in the severity of a failure. An FMEA analyst needs to be aware of the system
man-machine interfaces even when the analysis is being performed at a subsystem or
black  box  level. 

The  human  factors  considerations  which  need  to  be  considered  during  an  FMEA 
comprise  three  broad  categories: 

•  Effectiveness  of  failure  alarms  and  indicators 

•  Effectiveness  of  failure  compensation  devices 

•  Impact  of  BIT  design. 

Failure  alarms  and  indicators  need  to  be  evaluated  for  adequacy  in  terms  of 
alerting  human  operators  that  a  failure  has  occurred.  The  type  of  indicator,  placement 
within  the  system,  and  brightness  need  to  be  evaluated.  The  effectiveness  of  audible 
versus visual alarm usage needs to be analyzed. Additionally, the potential safety
impact  of  a  defective  failure  indicator  needs  to  be  considered. 

The  effectiveness  and  adequacy  of  human  activated  failure  compensation  devices 
or  procedures  should  also  be  considered  as  a  part  of  a  thorough  FMEA.  An  evaluation  of 
the  ability  of  an  operator  to  actuate  compensation  devices  under  the  initial  effects  of  a 
given  failure  needs  to  be  performed.  This  evaluation  is  particularly  critical  for  high 
performance  systems,  such  as  fighter  aircraft,  which  can  subject  the  operator  to 
extreme  environmental  conditions  (e.g.,  high  speed  turns,  etc.)  upon  equipment  failure. 
The  potential  for  incorrect  action  and  the  overall  skill  level  of  the  likely  operator  of 
the  system  need  to  be  carefully  considered  in  these  evaluations. 

The  impact  of  built-in-test  circuitry  decisions  needs  to  be  evaluated  as  it  impacts 
the  man-machine  interface.  The  ability  of  an  operator  to  recognize  and  compensate  for 
failures  which  are  not  detected  by  BIT  can  be  more  important  than  the  direct 
percentage  of  failures  detected.  The  overall  effectiveness  of  automatically  detecting 
failures  which  are  easily  recognized  by  the  operator  must  be  analyzed  with  respect  to 
the  increased  equipment  failure  rate  and  false  alarm  rate  associated  with  increased  BIT 
capability. 

The  FMEA  analyst  needs  to  ensure  that  the  results  of  all  evaluations  are  available 
to  training  departments,  safety  engineering,  and  technical  publications.  Any 
requirements  for  special  skills  or  training  which  may  be  needed  to  ensure  adequate 
operator response to a failure occurrence need to appear in all relevant technical
material,  even  when  initial  training  is  contracted  through  the  manufacturer.  Many 
products  which  are  produced  for  a  relatively  short  number  of  years  have  a  service 
lifetime  of  twenty  years  or  more. 


5.9  FMEA  PRESENTATION  FORMATS 


The  FMEA  results  can  be  presented  in  several  different  formats.  The  format 
chosen  should  be  based  on  a  combination  of  the  equipment  under  analysis,  and  the 
intended use of the data. Examples of the most prominently used formats are shown
in  Figures  3,  4,  and  7.  Each  of  the  three  commonly  used  formats  has  unique 
characteristics  which  may  recommend  its  use  under  certain  circumstances.  Table  5 
provides  a  comparison  of  the  most  significant  features  of  these  three  formats. 


FAILURE MODES AND EFFECTS ANALYSIS

FMEA WORKSHEET FOR: _
FMEA IDENTIFICATION NUMBER: _
DATE: _

SCHEMATIC DIAGRAM: _
BLOCK DIAGRAM: _
PARTS LIST: _

MISSION: _
MISSION PHASE: _

ITEM PART NUMBER: _
ITEM NOMENCLATURE: _

PREPARED BY: _
APPROVED BY: _
FSCM: _
REVISION: _
REVISION: _
REVISION: _

INDENTURE: _
REF. DESIGNATOR: _

FAILURE MODE: _
CAUSE(S): _
SEVERITY: _

CAN THE OPERATOR DETECT THIS FAILURE? _
HOW? _
CAN THE OPERATOR COMPENSATE FOR THIS FAILURE? _
HOW? _

FAILURE MODE PROBABILITY: _
SOURCE: MIL-HDBK-217

FAILURE EFFECT PROBABILITY (BETA): _
FAILURE MODE RATIO (ALPHA): _
FAILURE RATE (LAMBDA-P): _
OPERATING HOURS (T): _
FAILURE MODE CRITICALITY NUMBER (CM): _
ITEM CRITICALITY NUMBER (CR): _


TABLE 5. FMEA FORMAT COMPARISON

| Comparison Parameter | Tabular Format | Single Sheet Format | Matrix Format |
|---|---|---|---|
| Specification Compliance - Format can be used to satisfy MIL-STD-1629A requirements | E | G | G |
| Ease of use by Analyst - Format is easy to use and update | G | F | E |
| Ease of Data Extraction - Format allows easy extraction of needed data by all users | F | P | E |
| Overall Clerical Load - Format minimizes clerical requirements imposed on analyst | F | P | E |
| Completeness - Format allows failure effects at each indenture level to be seen without referencing other areas of the document | G | G | P |
| Compactness - Format presents data in a compact form | F | P | E |
| Commentary Material - Format allows easy inclusion of commentary material | G | G | F |
| Multiple Analyst - Format does not present difficulty if more than one analyst is assigned | F | F | E |

E = Excellent, G = Good, F = Fair, P = Poor


The format used should be based on the particular analysis; however, for most
analyses  the  matrix  format  has  several  advantages.  This  is  particularly  true  with 
respect  to  obtaining  multidiscipline  use  of  the  analysis  results.  The  matrix  format  is 
relatively  easy  to  understand  for  non-specialists  and  allows  easy  extraction  of  data  in 
the  reverse  order  for  maintainability  and  testability  use.  The  matrix  format  should  be 
considered  for  standardized  use  in  most  analyses. 


5.10  BACKGROUND  OF  THE  FMEA  ANALYST 


The  performance  of  an  FMEA  requires  that  the  assigned  analyst  either  individually 
have expertise in a wide range of engineering disciplines or have access to individuals
who  can  provide  any  needed  supplemental  expertise.  The  assignment  of  an  analyst  who 
possesses  all  the  necessary  skills  to  perform  the  FMEA  without  assistance  is  usually  not 
possible.  It  is  normally  a  better  approach  to  use  the  skills  available  in  several 
engineering  specialty  areas  to  review  the  FMEA  and  interface  with  the  assigned  analyst 
on  an  ongoing  basis. 

The  analyst  selected  to  perform  an  FMEA  should  ideally  possess  a  background  in 
design,  reliability,  maintainability,  testability,  safety,  human  factors,  and  logistics 
engineering.  There  are  a  few  individuals  with  all  the  required  areas  of  expertise,  and 
their  availability  is  limited.  This  results  in  a  need  to  select  an  individual  to  perform  the 
FMEA  who  possesses  less  than  the  ideal  range  of  skills.  A  design  engineering  background 
in the analyst selected must be considered the most crucial criterion. A competent
design  engineer  can  perform  the  analysis  even  though  he  may  not  possess  all  the 
necessary  complementary  skills  required  to  properly  assess  all  failure  effects.  The 
additional  expertise  can  be  provided  by  specialty  engineers  on  an  as-required  basis.  It  is 
generally  more  difficult  to  compensate  for  weaknesses  in  the  design  background  of  an 
analyst  selected  from  a  specialty  engineering  group. 


5.11  FMEA  USE  LIMITATIONS 


The  FMEA  is  an  extremely  accurate  and  thorough  analysis  which  produces  a  wide 
range  of  information  useable  by  the  specialty  engineering  disciplines  to  help  ensure  that 
their  design  requirements  are  met.  The  analysis  is  a  particularly  effective  safety 
analysis  tool.  The  analysis  produces  information  needed  by  reliability,  maintainability, 
safety,  testability,  and  logistics  engineers.  When  a  program  has  requirements  imposed 
in  all  or  most  of  these  specialty  areas,  the  FMEA  may  be  relatively  cost-effective  if 
duplication  of  effort  is  minimised.  The  analysis  can  be  very  expensive  and  may  not  be 
the  most  effective  means  of  producing  the  needed  data  when  primarily  used  to 
document  the  achievement  of  safety-related  requirements. 

When the program safety requirements will allow the FMEA to be performed at a
reduced  level  of  detail,  the  use  of  other,  less  formal  techniques  to  produce  any 
additional  data  needed  by  specialty  engineering  groups  should  be  considered.  The  FMEA 
will  not  produce  all  the  data  needed,  thus  some  supplementary  analyses  will  always  be 
required.  The  use  of  less  formal  techniques  will  help  keep  program  costs  to  a  minimum, 
while  producing  the  required  information. 


SECTION 6

STANDARDIZED FMEA TECHNIQUE

6.1 INTRODUCTION


Section  6  provides  an  overview  and  detailed  coverage  of  the  advanced  matrix 
FMEA technique. Various aspects of the technique and appropriate FMEA activities are
discussed  by  program  phase.  The  reader  should  complete  Section  6  in  its  entirety  prior 
to  applying  the  technique  for  the  first  time. 

The  advanced  matrix  technique,  as  defined  for  the  purposes  of  this  study,  is  a 
standardized  methodology  or  approach  to  a  MIL-STD-1629A  FMEA.  Through  this 
standardization  of  approach,  a  maximum  benefit  is  obtained  from  the  labor  expended  in 
the  FMEA.  This  is  accomplished  by  identifying  the  appropriate  efforts  for  each  program 
phase,  and  by  allowing  the  use  of  multiple  analysts  without  the  coordination  problems 
inherent  in  a  tabular  MIL-STD-1629A  analysis.  The  advanced  matrix  technique  provides 
a  framework  for  the  presentation  of  circuit  analysis  results  which  is  defined  and  can  be 
approved  in  advance  when  data  item  delivery  is  required. 


6.2  TECHNIQUE  OVERVIEW 

The  need  for  a  standardized  FMEA  technique  is  well  recognized.  FMEA  is  an 
expensive  analysis  which  needs  to  be  used  as  cost-effectively  as  possible.  Additionally, 
an  FMEA,  to  achieve  maximum  effectiveness,  should  be  completed  in  a  time  frame 
which  is  consistent  with  the  ongoing  design  process.  An  FMEA  which  is  completed  late 
in a program may have little impact. A standardized technique, to be of value, needs to
provide both a cost-effective and time-effective methodology, and the advanced matrix
technique is effective in both of these areas.

The advanced matrix technique can be applied at any phase of product
development. An FMEA using the advanced matrix technique, as with any FMEA
technique, is most effective when started at the earliest stage of product development.
The approach required is bottom-up piecewise. That is, the analysis progresses
downward through the design detail one level of indenture at a time (top-down). The
analysis for the given level is performed inductively. This is not a significant change to
the method by which thorough FMEAs have always been performed. The FMEA has
traditionally been considered a bottom-up, or inductive, analysis. Since design
information  becomes  available  in  a  top-down  sequence,  the  performance  of  a  true, 
bottom-up  FMEA  would  require  the  analysis  to  be  started  at  the  close  of  the  design 
process  rather  than  at  the  start  of  design.  This  would  result  in  an  ineffective  FMEA, 
completed  too  late  to  have  much  impact  on  the  design  process. 

The  advanced  matrix  technique  is  particularly  well  designed  to  provide  for  the 
performance  of  FMEA  in  concert  with  an  ongoing  design  program  in  a  cost-effective 
manner. When the advanced matrix technique automation (described in Section 7) is
used  to  aid  the  analyst  in  performing  the  FMEA,  the  analysis  is  particularly  effective. 
The  design  of  both  the  advanced  matrix  technique  and  the  complementary  automation 
has  specifically  been  tailored  to  allow  for  the  atmosphere  of  almost  constant  change 
which  is  a  normal  part  of  the  equipment  design  and  development  process. 


6.2.1  ADVANCED  MATRIX  TECHNIQUE  PHASING 


The  performance  of  an  FMEA  utilizing  the  advanced  matrix  technique  is 
accomplished  in  four  phases:  FMEA  planning,  initial  FMEA  activity,  intermediate  or 
block  diagram  level  activity,  and  detail  or  piece-part  level  activity.  The  relationship 
between the design program phases and the FMEA activity is shown in Figure 5.

Figure 5. FMEA Activity By Program Phase

The FMEA planning and the initial FMEA activity can be begun as early in the program as the
late  design  validation  phase.  Specific  design  knowledge  of  the  equipment  to  be  analyzed 
is  not  required  during  these  phases  of  FMEA  activity.  The  interim  and  detail  level  of 
activities  are  dependent  on  specific,  detailed  hardware  design  information  and  are 
completed  in  concert  with  the  hardware  design.  This  often  requires  that  more  than  one 
analyst  work  on  the  FMEA  at  a  time  due  to  the  multiple  design  personnel  assigned.  This 
is  allowed  by  the  structure  of  the  advanced  matrix  technique.  Each  analyst  works  only 
on  the  specific  area  (e.g.  assembly,  unit,  etc.)  assigned  to  him  and  does  not  need  to 
reference  or  deal  with  higher  level  effects.  The  activities  of  the  various  analysis 
personnel  assigned  are  generally  coordinated  and  led  by  a  senior  analyst.  The  senior 
analyst  is  usually  assigned  responsibility  for  the  FMEA  planning  and  the  initial  FMEA 
activity  phases.  During  these  early  FMEA  phases,  the  use  of  multiple  analysts,  while  not 
impossible,  is  somewhat  difficult. 

Each  iterative  level  of  FMEA  activity  requires  that  specific  information  be 
available  to  the  analyst  allowing  the  analysis  to  produce  specific  outputs.  Figure  6  shows 
the  outputs  expected  during  each  phase  of  FMEA  activity.  The  outputs  shown  represent 
all  of  those  available  within  the  structure  of  the  technique.  It  is  possible  to  perform  the 
FMEA utilizing the technique without requiring all of the outputs to be assembled.

FMEA  activity  begins  with  the  planning  phase.  The  planning  phase,  which  is 
primarily  an  administrative  task,  is  used  to  provide  scope  and  direction  to  the  overall 
FMEA  effort  while  minimizing  the  duplication  of  effort  within  a  program.  FMEA 
planning  for  content,  depth  of  analysis,  analyses  needed,  and  scheduling  required  are 
developed  based  on  the  contractual  requirements  for  safety,  reliability,  maintainability, 
and  logistics.  Detailed  hardware  design  information  is  not  needed  for  FMEA  planning 
purposes.  However,  the  analyst  assigned  to  the  FMEA  planning  should  possess  a 
background  in  systems  similar  to  the  one  to  be  analyzed.  This  helps  assure  that  initial 
decisions  on  FMEA  depth  of  analysis  are  based  on  the  type  of  hardware  to  be  analyzed 
and  its  use  environment. 

Initial  FMEA  activity  consists  of  the  development  of  the  technical  baseline  for  the 
hardware  FMEA  which  will  be  performed.  This  phase  of  activity  produces  an  FMEA 
specification,  initial  design  guidelines,  initial  system  interface  level  FMEA,  and  serves  as 
a baseline to finalize the FMEA planning which was previously accomplished. The
amount of design information required for the initial FMEA activity is minimal. A
system specification must exist. Hardware design information is not required. However,
the analyst performing the initial analysis needs to be thoroughly familiar with the
design and use of systems similar to the one to be analyzed in order to understand the
severity impact of system functional failures.

Intermediate  FMEA  activity  begins  the  direct,  hardware  analysis  traditionally 
associated  with  FMEA  activity.  Intermediate  analysis  is  performed  using  circuit  block 
failures.  The  outputs  of  the  intermediate  analysis  process  include  traditional 
MIL-STD-1629  FMEA  information,  maintainability  test  point  information,  and 
built-in-test  analysis  information.  The  intermediate  level  of  analysis  requires  that  final 
system  and  equipment  specifications,  initial  system  partitioning,  and  block  diagrams  of 
equipment circuitry be available to the analyst. The intermediate level of analysis will
usually  satisfy  the  analysis  depth  which  is  required  to  review  circuitry  which  is  not 
capable  of  causing  MIL-STD-1629A  severity  category  one  or  two  failures. 

The  detail  level  of  FMEA  activity  is  the  piece  part  FMEA  analysis.  The  detail 
activity  provides  the  most  comprehensive  FMEA  and  is  the  most  costly  level  of  analysis. 
This  level  of  activity  is  usually  limited  to  circuits  which  can  cause  MIL-STD-1629A 
severity  category  one  or  two  failures,  or  for  those  cases  where  FMEA  at  the  piece  part 
level  of  detail  is  the  most  cost  effective  means  of  developing  the  information  needed  to 
support  maintainability  or  logistics  analyses.  A  comprehensive  set  of  design  information 
including  specifications,  schematics,  hardware  drawings,  and  parts  lists  must  be  available 
to  allow  detailed  FMEA  activity. 


6.2.2  ADVANCED  MATRIX  TECHNIQUE  STRUCTURE 


The  advanced  matrix  technique  has  a  structure  which  is  similar  to  that  of  the 
original  matrix  technique.  A  matrix  grid  is  used  to  hold  the  analysis  information.  This 
matrix  provides  good  visibility  of  FMEA  results  and  excellent  traceability  to  higher  and 
lower  levels  of  indenture.  The  traceability  provided  by  the  matrix  eliminates  the  need 
for  the  redundant,  clerical  entries  of  higher  level  effects,  which  are  required  by  tabular 
methods. 

Figure  7  shows  a  typical  matrix  structure  which  is  used  at  the  piece-part  level  of 
detail.  The  top  of  the  matrix  is  formed  by  the  outputs  of  the  assembly  under  analysis, 
the  test  points  of  the  assembly  being  analyzed,  a  comments  and  remarks  reference 
column,  a  severity-level  column,  and  a  built-in-test  detection  column.  The  side  of  the 
matrix  is  formed  by  the  inputs  to  the  assembly  being  analyzed  with  the  appropriate 
failure  modes  for  the  inputs,  and  by  the  parts  contained  on  the  assembly  being  analyzed 
with  their  failure  modes. 

Figure 6. FMEA Activity Outputs

Figure 7. Typical Matrix Structure

The matrix is completed by inserting the appropriate failure effect code at the
intersection between all affected outputs and test points and the failure mode being
analyzed. If comments or remarks are needed, the number of the remark is placed at the
intersection between the failure mode and the remarks column. If the BIT detects this
failure at the level under analysis, an X should be marked in the BIT DETECTED
column. If the severity of the failure at the level under analysis is other than a severity
class 4, the appropriate severity level for the failure should be entered at the
intersection of the SEVERITY column and the failure mode being analyzed.


The  matrix  retains  the  basic  structure  shown  in  Figure  7  at  all  levels  of  indenture 
except  the  highest  level.  The  top  level  consists  of  two  matrices.  One  matrix  maps 
equipment  outputs  to  failure  effects  and  operating  mode.  The  other  matrix  maps 
equipment  outputs  to  operating  mode  by  severity.  All  other  matrices  used  within  the 
technique  are  structured  as  outputs  versus  inputs  and  parts  by  failure  effect. 

The relationship between matrices developed at different levels of indenture is
preserved by the structure of inputs and outputs. The outputs of a matrix at one level
form the inputs to the next level of analysis as shown in Figure 8. The inputs/outputs
can  be  traced  either  upward  or  downward  through  the  hardware  indenture  utilizing  the 
signal  mnemonics  to  provide  the  necessary  matrix  mapping. 

The  inherent  traceability  of  the  matrix  structure  makes  it  ideal  for  automation. 
Additionally,  this  traceability  allows  information  to  be  readily  extracted  from  the 
analysis in a reverse organization. The reverse extraction of analysis data is crucial if
maintainability  analyses  are  going  to  be  supported. 

Figure 8. Traceability Between Hardware Indenture Levels in a Matrix FMEA
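
The upward trace and the reverse extraction described above, as an added Python example (not code from the report or from its automation tool). It assumes that the effect code entered on a lower-level output is also the failure-mode label of the matching input row one level up; every class, function, mnemonic, part and effect code in it is constructed for illustration.

```python
from collections import defaultdict


class Matrix:
    """One FMEA matrix: rows are (item, failure mode), columns are output/test-point mnemonics."""

    def __init__(self, name, inputs, outputs, test_points=()):
        self.name = name
        self.inputs = set(inputs)
        self.outputs = set(outputs)
        self.columns = self.outputs | set(test_points)
        self.rows = {}

    def add(self, item, mode, effects, severity=4, bit=False):  # class 4 is the default
        unknown = set(effects) - self.columns
        if unknown:
            raise ValueError(f"{self.name}: unknown column(s) {sorted(unknown)}")
        self.rows[(item, mode)] = {"effects": dict(effects),
                                   "severity": severity, "bit": bit}


class Analysis:
    """Links matrices through shared signal mnemonics."""

    def __init__(self, matrices):
        self.matrices = {m.name: m for m in matrices}
        self.producer = {}                  # mnemonic -> matrix that outputs it
        self.consumers = defaultdict(list)  # mnemonic -> matrices that take it as input
        for m in matrices:
            for sig in m.outputs:
                if sig in self.producer:
                    raise ValueError(f"mnemonic {sig} is produced by two matrices")
                self.producer[sig] = m
            for sig in m.inputs:
                self.consumers[sig].append(m)

    def check_links(self):
        """Output effects that the consuming matrix has no input failure-mode row for."""
        gaps = set()
        for m in self.matrices.values():
            for row in m.rows.values():
                for sig, code in row["effects"].items():
                    for up in self.consumers.get(sig, []):
                        if (sig, code) not in up.rows:
                            gaps.add((m.name, sig, code, up.name))
        return sorted(gaps)

    def trace_up(self, matrix_name, item, mode):
        """Follow one failure mode upward: (top-level effects, worst severity, BIT seen)."""
        top, worst, bit, seen = set(), 4, False, set()
        stack = [(self.matrices[matrix_name], (item, mode))]
        while stack:
            m, key = stack.pop()
            if (m.name, key) in seen or key not in m.rows:
                continue
            seen.add((m.name, key))
            row = m.rows[key]
            worst = min(worst, row["severity"])  # class 1 is the most severe
            bit = bit or row["bit"]
            for sig, code in row["effects"].items():
                ups = self.consumers.get(sig, [])
                if sig in m.outputs and not ups:
                    top.add((sig, code))         # nothing above consumes it: top level
                stack.extend((up, (sig, code)) for up in ups)
        return top, worst, bit

    def causes_of(self, signal, code):
        """Reverse extraction: part failure modes that can produce (signal, code)."""
        found, seen, stack = set(), set(), [(signal, code)]
        while stack:
            sig, c = stack.pop()
            if (sig, c) in seen or sig not in self.producer:
                continue                         # external inputs are not expanded
            seen.add((sig, c))
            m = self.producer[sig]
            for (item, mode), row in m.rows.items():
                if row["effects"].get(sig) != c:
                    continue
                if item in m.inputs:
                    stack.append((item, mode))   # descend one indenture level
                else:
                    found.add((m.name, item, mode))
        return found


def build_example():
    # Constructed sample data: every mnemonic, part and effect code is illustrative.
    reg = Matrix("A1_REGULATOR", inputs=["P28V"], outputs=["P5V"], test_points=["TP1"])
    reg.add("P28V", "0", {"P5V": "0", "TP1": "0"})
    reg.add("Q1", "SHORT", {"P5V": "H", "TP1": "H"}, bit=True)
    reg.add("R1", "OPEN", {"P5V": "0", "TP1": "0"})
    reg.add("C1", "SHORT", {"P5V": "0"})
    reg.add("CR1", "OPEN", {"P5V": "L"})
    unit = Matrix("UNIT", inputs=["P5V"], outputs=["DATA_OUT"])
    unit.add("P5V", "0", {"DATA_OUT": "0"}, severity=2, bit=True)
    unit.add("P5V", "H", {"DATA_OUT": "X"}, severity=1)
    unit.add("U1", "STUCK", {"DATA_OUT": "X"}, severity=2)
    return Analysis([reg, unit])
```

In the sample data, `check_links()` reports the `P5V` effect code `L` because the upper matrix has no input row for it, which is the kind of mnemonic mismatch between analysts that a coordinating analyst has to resolve.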

6.2.3 MIL-STD-1629A COMPLIANCE


The  advanced  matrix  technique  is  compliant  with  the  intent  of  MIL-STD-1629A  but 
is  not  letter  for  letter  compliant  with  the  specification.  MIL-STD-1629A  specifies  five 
FMEA  tasks: 

•  Task  101  -  Failure  Modes  and  Effects  Analysis 

•  Task  102  -  Criticality  Analysis 

•  Task  103  -  FMECA  Maintainability  Information 

• Task 104 - Damage Modes and Effects Analysis

• Task 105 - Failure Mode, Effects, and Criticality Plan.

The  advanced  matrix  technique  provides  the  information  needed  to  comply  with  the 
intent  of  tasks  101,  102,  103  and  105.  Task  104  is  not  supported  by  the  advanced  matrix 
technique. This is not, however, considered a severe limitation, as damage modes and
effects  are  seldom  applied  to  electronic  equipment  and  almost  never  at  the  level  of 
detail  (block  diagram  and  piece-part)  at  which  FMEA  is  normally  performed. 

Table  6  provides  a  cross  reference  between  the  information  provided  by  the 
advanced  matrix  technique  and  MIL-STD-1629A  requirements.  In  most  cases  the 
necessary  information  is  available  but  the  format  of  the  information  is  usually  different. 


TABLE 6. ADVANCED MATRIX TECHNIQUE MIL-STD-1629A COMPLIANCE (Continued)

Criteria                    MIL-STD-1629A Task #   Remarks

Failure Detection           101                    Provided indirectly by including
Method (Operator)                                  indicators and BIT in matrix

Compensating                101, 102               Provided by including an ability
Provisions                                         to include remarks

Severity Class              101, 102, 103          Provided directly

Remarks                     101, 102, 103          Provided directly

Failure Probability/        102                    Not provided within the technique.
Failure Rate Data                                  The typical failure rate data
Source                                             source for electronic equipment is
                                                   MIL-HDBK-217. Other sources would
                                                   need to be defined in the
                                                   introductory material.

Failure Effect              102                    The advanced matrix technique
Probability                                        assumes β = 1

Failure Mode                102                    This ratio can be used in
Ratio                                              criticality calculations once the
                                                   correct ratios are established

Failure Rate                102                    The failure rate entered in the
                                                   matrix is used in criticality
                                                   calculations

Operating Time              102                    The operating time ratio is provided
                                                   by the operating mode percentage list

Criticality #               102                    Can be calculated from information
                                                   provided within the technique

Item Criticality #          102                    Can be calculated from information
                                                   provided within the technique

System/Subsystem            103                    Usually provided as a part of
Description                                        the descriptive material included in
                                                   an FMEA report - not included on
                                                   analysis sheets in technique

Failure Detection                                  Provided indirectly as a part of
Method                                             test point summary

Minimum Equipment                                  Not provided within the
List                                               technique



6.3  ADVANCED  MATRIX  TECHNIQUE  DETAIL 

This  section  and  its  several  subsections  provide  a  detailed  description  of  the 
advanced matrix technique. The section is organized in the order of occurrence of the
various  phases  of  the  technique  as  presented  in  Section  6.2.1.  Each  subsection  describes 
the  information  necessary  to  allow  the  phase  of  analysis  being  discussed  to  proceed,  and 
the  outputs  which  are  available  from  the  FMEA  phase.  Figure  6  provides  a  summary  of 
the  types  of  outputs  available  at  each  phase. 

The  advanced  matrix  technique  allows  multiple  analysts  to  be  used  with  a  minimum 
of  conflict.  However,  coordination  between  all  analysts  working  on  an  FMEA  remains 
important.  This  coordinating  function  usually  requires  that  a  chief  analyst  be  appointed 
to  serve  as  a  focal  point  for  analysis  efforts  and  to  control  mnemonics.  He  would  be 
expected  to  complete  the  FMEA  planning  phase  without  assistance.  The  chief  analyst 
could  also  complete  the  initial  FMEA  activity  without  assistance  for  all  but  very  large 
FMEAs.  The  ability  of  a  single  analyst  to  complete  all  early  FMEA  activity  is 
important.  The  use  of  one  analyst  to  structure  all  initial  FMEA  activity  provides  a 
coherent  baseline  for  all  more  detailed  FMEA  activity.  When  more  than  one  analyst  is 
used  to  structure  the  initial  FMEA  material,  care  must  be  used  to  ensure  that  all  efforts 
are  completely  coordinated. 

Several  analysis  outputs  discussed  in  this  section  on  the  advanced  matrix  technique 
are  difficult  or  time  consuming  to  obtain  by  manual  methods  although  the  necessary 
activities  are  described.  This  is  particularly  true  of  criticality  analysis,  built-in-test 
analysis,  and  test  point  information.  The  advanced  matrix  technique  is  only  marginally 
better  than  tabular  methods  when  this  information  must  be  manually  assembled.  The 
matrix  technique  is  significantly  better  than  tabular  methods  once  the  automation  tool  is 
in use. The overall structure and use of the technique together with the automation is
discussed in Section 7.

The terms system, equipment, and system/equipment are used throughout the
discussion  which  follows.  The  terms  should  be  considered  interchangeable  references  to 
the  top  level  of  FMEA  analysis.  FMEA  is  generally  limited  in  application  to  the 
equipment  level  due  to  an  inherent  inability  to  handle  multiple  failure  modes  and  human 
interfaces  well.  This  does  not  strictly  preclude  the  analysis  from  being  used  at  the 
system  level.  The  FMEA  retains  effectiveness  at  the  system  level  when  the  interfaces 
are  automated,  particularly  when  the  human  interface  is  minimal  or  non-existent. 

6.3.1  FMEA  PLANNING 

The  advanced  matrix  technique  usage  depends  on  planning  the  FMEA  as  an  integral 
part  of  the  total  logistics  analysis  to  be  performed  during  equipment  development. 
Planning  the  FMEA  as  a  part  of  an  overall  analysis  package  allows  duplication  of  effort 
to  be  avoided  while  allowing  the  purpose  of  the  FMEA  to  be  completely  defined.  Once 
the  exact  purpose  and  usage  of  the  FMEA  has  been  defined,  the  analysis  can  be  uniquely 
tailored  to  provide  the  needed  outputs  in  a  cost-  and  time-effective  manner. 

Adequate  FMEA  planning  will  define  the  level  of  detail  within  the  analysis  and  the 
duration of the analysis. All FMEA planning should be documented, even when task 105
of  MIL-STD-1629A  has  not  been  specifically  invoked.  An  FMEA  plan  which  is  compliant 
with  MIL-STD-1629A  task  105  is  ideal  for  documenting  the  planning  so  long  as  all  the 
required  information  is  included. 

FMEA  planning  should  be  the  task  of  the  individual  who  will  be  assigned  as  chief 
analyst  for  the  FMEA.  The  chief  analyst  is  expected  to  have  the  seniority  and 
experience  to  determine  the  FMEA  analysis  needs  with  respect  to  the  total  design 
program. Considering the FMEA in the context of the total program allows an initial
determination  of  the  level  of  detail  required  for  the  analysis.  This  will  allow  the  analysis 
to  be  tailored  to  optimally  fit  the  design  and  logistics  programs.  Seven  fundamental 
questions  need  to  be  answered  in  order  to  determine  the  appropriate  level  of  analysis: 

• What is the primary purpose(s) of the FMEA?

What  is  the  reason  for  performance  of  the  FMEA?  The  FMEA  can  be  used  to 
support  the  reliability  analysis,  safety  analysis,  maintainability  analysis, 
testability  analysis,  and  logistics  support  analysis  individually  or  in  any 
combination.  The  FMEA  is  usually  begun  or  required  once  a  specific  potential 
problem  area  has  been  recognized.  This  area  of  concentration  is  then  the 
primary purpose of the FMEA.

• What level of detail will be used for maintenance and logistics planning?

The  overall  maintenance  and  logistics  support  concepts  for  the  equipment 
should  be  examined.  The  type  of  maintenance  which  will  be  done  at  each  level 
(i.e., shop, depot, flight line) should be identified. The skill level of personnel
at  each  maintenance  level  should  also  be  determined.  The  test  equipment 
which  will  be  used/available  at  each  maintenance  level  should  also  be 
identified.  How  much  FMEA  information,  and  what  level  of  detail  is  necessary 
to  support  maintenance  analysis  should  be  determined  based  on  the  support 
concepts and constraints which are identified.

• Is criticality analysis required?

If criticality analysis is required, which reliability calculations will need to be
performed  at  the  piece-part  level.  The  need  for  detail  in  the  criticality 
analysis  may  require  greater  overall  detail  in  the  FMEA. 

•  Are  the  analysis  results  to  be  provided  to  the  end  item  user  as  a  data  item? 

If  data  item  preparation  is  required,  the  appropriate  schedule  points  should  be 
developed. These schedule points can then be used to determine what level of
FMEA  detail  will  be  available  at  each  scheduled  delivery  point. 

• Is built-in-test analysis required on the program?

Built-in-test evaluation requires that a very detailed analysis be performed.
The  exact  implementation  of  BIT  should  be  evaluated  to  determine  its  impact 
on  the  level  of  FMEA  detail. 

• Is maintainability analysis (if required) to be performed in accordance with
Procedure 5 of MIL-HDBK-472?

Maintainability  analysis  in  accordance  with  MIL-HDBK-472  Procedure  5 
requires  that  the  ambiguity  of  each  failure  at  each  maintenance  level  be 
determined.  The  determination  of  ambiguity  at  a  given  level  can  require  that 
an  analysis  be  performed  at  one  level  of  detail  below  the  level  being  assessed. 
The  level  of  maintenance  analysis  detail  needed  should  be  assessed  for  impact 
on  FMEA  detail. 

•  What  level  of  detail  is  contractually  required? 

When  an  FMEA  is  contractually  required,  with  the  required  level  of  detail 
specified, the analysis needs to be performed at the specified level of
detail as a minimum. A greater level of detail may be used. This is
appropriate when the greater FMEA detail provides the most cost-effective
baseline for related analyses in safety, maintainability, logistics, and/or
testability.

The output of the FMEA planning process should be a complete description of the
analysis required in fundamental detail. As a minimum, the analyst should be able to
determine the criteria required to complete an FMEA planning sheet as shown in
Figure 9. Once the chief analyst has determined the amount of detail and the types of
analyses which will be required, initial FMEA activity can begin. The FMEA planning,
however, remains subject to change until the analysis is complete. This is to allow
adequate detail to identify the causes of all severity classification Category I and II
failures.


1. LEVEL OF FMEA DETAIL

   A. SYSTEM □
   B. EQUIPMENT □
   C. CIRCUIT CARD/MODULE □
   D. DETAILED BLOCK DIAGRAM □
   E. PIECE PART □

2. TYPE OF ANALYSIS TO BE INCLUDED

   A. FAILURE MODES AND EFFECTS □
   B. SEVERITY CLASSIFICATION □
   C. TEST POINT □
   D. BIT DETECTION INFORMATION □
   E. CRITICALITY CALCULATIONS □

3. TYPE OF FMEA TO BE REPORTED TO CUSTOMER

   A. SYSTEM LEVEL □
   B. EQUIPMENT LEVEL □
   C. CIRCUIT CARD/MODULE LEVEL □
   D. DETAILED BLOCK DIAGRAM LEVEL □
   E. PIECE PART LEVEL □

Figure 9. FMEA Planning Sheet


6.3.2  INITIAL  FMEA  ACTIVITY 


Initial FMEA activity consists of the development of nine interrelated items.
These are the FMEA specification, operational mode definitions, fundamental input and
output definitions, preliminary mnemonics, preliminary failure effect list, failure mode
to operating mode by effect matrix, failure mode to operating mode by severity matrix,
design guidelines, and revised FMEA planning. Two of these activities, the failure mode
to operating mode by severity matrix and the design guidelines, are optional but highly
recommended. Figure 10 shows the flow of and interrelationship between the various
initial FMEA activities.

The initial FMEA material can be prepared as soon as the FMEA planning is
complete. The information required to allow the initial analysis to proceed is minimal.
The analyst must be capable of defining the required equipment characteristics and all
necessary interfaces completely. If an equipment specification or a similar requirements
document exists, an analyst who is experienced with the type of equipment being
analyzed should be capable of completing the initial FMEA activity. The initial FMEA
activity should begin with the development of the FMEA specification.


6.3.2.1 Specification Development

As the first step in the initial FMEA activity, the analyst must develop a
specification for the FMEA. The FMEA specification is not necessarily the same as the
system or equipment specification, if one exists. The FMEA specification needs to
reflect the operational requirements of the system or equipment being specified.

The FMEA specification should be developed from the appropriate system or
equipment  specification  when  one  exists.  When  no  formal  specification  exists,  the 
marketing  criteria,  or  other  guidelines  which  are  used  by  design  to  determine  required 
system  or  equipment  performance  should  be  used  to  guide  preparation  of  the  FMEA 
specification. 

Once  the  analyst  has  obtained  a  baseline  for  the  development  of  the  FMEA 
specification  through  acquiring  either  the  appropriate  equipment  specification  or 
marketing criteria, preparation can proceed. The analyst should proceed in a
step-by-step process to identify and list relevant performance parameters similar to
those shown in Figure 11. The development of the performance parameter list is usually
straightforward. Similarly, the extraction of the equipment specification limits will not
usually  represent  a  problem.  The  development  of  the  performance  limits  which  will  be 
used  for  FMEA  criteria  is  somewhat  subjective. 

The  subjective  nature  of  the  FMEA  specification  requires  that  the  analyst  have  an 
extensive  background  in  the  type  of  equipment  and/or  system  which  is  under  analysis. 
Additionally,  the  analyst  will  need  to  coordinate  the  developed  specification  with 
hardware  design  engineering  and  with  any  disciplines  which  will  interface  with  the  FMEA 
results (i.e., safety, maintainability, testability, etc.). The specification will need to be
coordinated across multiple disciplines to ensure that the performance limits established
for FMEA reflect accurate, traceable values. When built-in-test circuitry will be
designed into an equipment, the FMEA limits established should generally be the same as
the  limits  which  will  be  used  in  the  built-in-test  design.  Once  the  specification  is 
developed,  it  may  be  necessary  to  coordinate  the  FMEA  limits  established  with  the 
procurement  office  if  the  FMEA  is  being  performed  under  Government  contract  with 
associated  data  delivery  requirements. 

6.3.2.2  Operational  Mode  Definition 

After the FMEA specification has been developed, the analyst should define the
basic equipment operating modes. The operating mode definitions should be as concise
as possible without producing an unmanageable number of modes to be analyzed. If
criticality analysis is to be performed as a part of the FMEA, the analyst should also
determine the amount of time which will be spent in each mode. This time, as a
percentage  figure,  will  be  used  in  criticality  calculations. 

The  operational  mode  definitions  consist  of  a  master  listing  of  the  operational 
modes and percentage of time spent in each (Figure 12) and a detailed description of
each  mode.  The  detailed  descriptions  of  each  mode  need  to  provide  sufficient 
information  to  uniquely  describe  each  mode.  Figure  13  provides  a  sample  form  for 
operating  mode  definition.  This  would  generally  be  supplemented  by  additional 
descriptive  writings,  logic  flow  diagrams,  and  such  other  additional  information  as  may 
be  required  to  completely  define  the  operating  mode. 

A complete and comprehensive definition of each operating mode is essential to
both customer understanding of an FMEA and to the ability to use multiple analysts
during the intermediate and detailed FMEA analysis stages. Additionally, the operating
mode definitions help focus the analyst on the FMEA in a controlled manner.

OPERATING MODE DEFINITION

MODE:

FUNCTION:

INDICATIONS TO OPERATOR:

INITIATED BY:

TERMINATED BY:

POSSIBLE FAILURES:

Figure 13. Operating Mode Definition Form

6.3.2.3 Define Fundamental Inputs and Outputs

After  the  operating  mode  definitions  have  been  completed,  the  analyst  should 
define  the  fundamental  inputs  and  outputs  (I/O)  of  the  equipment  under  analysis.  The 
fundamental  inputs  and  outputs  consist  of  those  input  and  output  functions  which  define 
the  basic  purpose  of  the  device  under  analysis  and  which  form  the  external  interfaces  of 
the equipment. The fundamental inputs and outputs may involve various types of input
and  output  quantities  such  as  mechanical  motion,  electrical  signals,  audible  signals, 
visual  signals,  etc.  The  fundamental  inputs  are  those  which  provide  the  signals  required 
by  the  equipment  under  analysis  from  the  external  sources.  The  fundamental  outputs  are 
those  outputs  which  interface  between  the  equipment  under  analysis  and  the  next  higher 
level  of  indenture  (system  level). 

The  fundamental  inputs  and  outputs  should  be  tabularized,  and  accompanied  by  a 
brief  description  of  each  similar  to  Figure  14.  This  will  allow  all  analysts  assigned  to  the 
FMEA  to  work  from  a  common  baseline  set  of  definitions.  When  special  conditions  such 
as  backup  power,  etc.  exist,  they  should  be  noted  on  the  definition  sheet  along  with  the 
I/O  description. 


The  exact  number  of  characters  assigned  to  each  position  in  the  mnemonic  is 
arbitrary  and  can  be  decided  based  on  the  complexity  of  the  equipment  being  analyzed. 
For  the  purposes  of  discussion  a  3-4-3  structure  will  be  assumed.  That  is,  three 
characters  each  assigned  to  the  from  and  to  portions  of  the  mnemonic,  and  a  four 
character  signal  identifier. 

As  a  part  of  the  mnemonic  development  and  assignment  process,  two  cross 
reference  lists,  similar  to  those  shown  in  Figure  15  are  developed  to  provide  traceability 
between  signal  or  assembly  title  and  function  and  the  assigned  mnemonic.  One  list  is  for 
mnemonics  assigned  for  assembly  (from/to)  use.  The  other  list  is  for  signal  mnemonics. 
The  descriptions  provided  in  each  cross  reference  list  should  be  sufficiently  detailed  to 
allow the function of the signal or assembly to be described. When assigning assembly
mnemonics,  this  will  generally  require  that  a  detailed  assembly  description  be  developed 
to  assure  compliance  with  MIL-STD-1629A.  These  assembly  descriptions  may  either  be 
included  as  a  part  of  the  cross  reference  table  or  in  the  FMEA  report  with  adequate 
referencing  to  the  assembly  mnemonics  cross  reference  table.  Functional  descriptions  of 
signals  will  usually  be  much  shorter  than  those  required  for  assemblies  and  can  be 
included  directly  in  the  cross  reference  table. 

The  mnemonics  list  should  be  started  as  soon  as  the  analyst  identifies  and  defines 
the  fundamental  inputs  and  outputs.  The  analyst  needs  to  identify  the  mnemonics  of  the 
fundamental  I/Os  both  to  begin  the  mnemonic  lists  and  to  provide  traceability  for  the  top 
levels  of  the  analysis.  In  most  cases,  either  the  from  or  to  part  of  the  mnemonic  will  not 
be  capable  of  being  identified  at  the  earliest  stages  of  the  analysis.  This  will  not  retard 
the  progress  of  the  analysis.  The  information  required  to  identify  the  from  and/or  to 
portion  of  the  mnemonic  should  be  available  prior  to  a  need  for  the  information. 

Mnemonic Assignment - Mnemonics may be assigned by any method which is convenient.
The  codes  are  usually  assigned  either  in  sequence  or  keyed  to  the  signal  or  assembly 
titles.  The  assignment  of  mnemonic  codes  which  are  keyed  to  signal  or  assembly  title 
has  the  advantage  of  providing  a  built-in  reference  which  aids  the  analyst  in 
remembering  the  function  of  the  referenced  signal  without  continuous  reference  to  the 
master  mnemonic  lists.  The  disadvantage  of  the  keyed  mnemonic  assignment  method  is 
that  it  is  very  easy  to  assign  the  same  alphanumeric  code  to  more  than  one  signal. 
Avoiding  the  multiple  assignment  problem  usually  requires  the  use  of  a  sortable 
computer  file,  a  3  x  5  card  index  file  or  some  similar  method  which  allows  rapid 
identification of previously assigned mnemonics. Sequentially assigning mnemonics
avoids  the  multiple  assignment  problems,  but  does  not  provide  the  analyst  with  the 
means  to  readily  identify  the  signal  function  without  a  reference  list. 

Figure  15  shows  examples  of  assigned  mnemonic  set  lists.  The  lists  shown 
demonstrate  mnemonics  which  have  been  sequentially  assigned.  Using  Figure  15,  the  full 
mnemonic  for  the  signal  High  Speed  Select  Logic  which  is  an  output  from  the  Digital 
Decoder  Assembly  and  an  input  to  the  Frequency  Synthesizer  Assembly  is 
AACAAABAAB. The full mnemonic identifies all relevant information about the signal
with respect to the FMEA purposes. The example mnemonic also clearly demonstrates
the  problem  with  sequentially  assigned  codes.  The  mnemonic  does  not  provide  any  clues 
to  the  analyst  as  to  its  meaning,  making  a  reference  list  necessary  at  all  times. 

When  assigning  mnemonic  codes,  the  analyst  needs  to  reserve  one  from/to  and 
several signal mnemonic codes for special use. The from/to code should be used to
identify sources and destinations which are outside the equipment under analysis. This
allows  the  fundamental  inputs  and  outputs  to  be  recognized  throughout  the  analysis.  The 
special  use  signal  mnemonics  are  used  to  identify  digital  bus  lines. 

The  digital  bus  represents  a  special  case  where  a  signal  can  have  multiple  sources. 
In  order  to  provide  traceability  within  the  analysis,  a  special  code  is  assigned  to  each  bus 
structure,  and  a  separate  list  of  bus  attachment  points  is  maintained.  This  separate  list 
is  then  used  to  provide  the  needed  traceability. 

Once  the  mnemonics  necessary  for  the  fundamental  inputs  and  outputs  have  been 
assigned,  the  analyst  can  begin  developing  the  failure  mode  lists  which  will  be  needed  in 
developing  high  level  matrices  for  the  analysis.  These  are  the  Failure  Mode  to  Operating 
Mode  by  Effect  matrix  and  the  Failure  Mode  to  Operating  Mode  by  Severity  matrix. 

6.3.2.5 Failure Effects Lists


The  development  of  the  initial,  high-level,  FMEA  requires  that  potential  failure 
effects  for  the  equipment/system  outputs  be  identified.  The  failure  effects  which  are 
possible  at  the  top  level  will  be  largely  dependent  on  the  type  of  equipment  under 
analysis  and  the  nature  of  the  output. 

The  analyst  should  develop  a  failure  effect  listing  which  is  peculiar  to  the 
equipment  being  analyzed  and  relevant  to  the  identified  outputs  by  signal  type.  The 
analyst  will  need  to  take  extreme  care  in  the  development  of  the  failure  effect  list  to 
ensure  completeness  while  minimizing  duplication.  Figure  16  provides  a  standardized 
listing  of  signal  failure  effects  by  signal  type.  The  failure  effects  list  shown  is  general 
and  should  not  be  considered  all  inclusive  at  the  top  level  of  analysis.  The  failure  modes 
and  effects  should  be  considered  as  based  on  the  previously  developed  specification 
except  where  the  meaning  is  well  defined.  The  failure  mode  "open"  is  self  explanatory. 
A failure mode "distorted" needs to be defined in the specification, as a universal
meaning  for  the  mode  does  not  exist. 

SIGNAL TYPE: ANALOG ELECTRICAL SIGNAL; DIGITAL ELECTRICAL SIGNAL; POWER SIGNAL, ELECTRICAL; MECHANICAL OUTPUTS; VISUAL OUTPUTS, INDICATORS, METERS/INDICATIONS; DIGITAL BUS

EFFECT/MODE                            CODE
SHORT                                  S
OPEN OR DISCONNECTED                   O
NO OUTPUT OR MISSING                   N
WEAK OR LOW OUTPUT                     L
OUTPUT LEVEL HIGH                      H
ACTIVATES/DEACTIVATES AT WRONG TIME    T
ERRATIC OUTPUT                         E
OSCILLATES
INCORRECT FREQUENCY                    F
DISTORTED                              D
STUCK-HIGH (ON)                        1
STUCK-LOW (OFF)                        0
STUCK AT HIGH IMPEDANCE                Z
INCORRECT WORD ON BUS                  W
PATTERN (XX...X) ON BUS                P

Figure 16. Standard Failure Effects List


6.3.2.6 Development of the Top-Level Matrices

The final step in the very early FMEA activity is the preparation of the two
top-level FMEA matrices. This step can be accomplished once a detailed knowledge of
the hardware's intended function is available but prior to any detailed hardware design.

Top-Level Block Diagram - The first essential step in the development of the top-level
matrices is the top-level block diagram. The top-level block diagram is simply the
pictorial representation of the total FMEA workup to this point in the analysis.
Figure 17 provides a general example which can be used on any system/equipment. The
top-level block diagram uses only the direct signal mnemonic when initially prepared.
Adequate room should be left on the diagram for the addition of from and to information
when the information becomes available later in the design program.

Figure 17. Top-Level Block Diagram

Failure Mode to Operating Modes by Effect Matrix (FMOMEM) - This matrix is one of
the two top-level FMEA matrices. The FMOMEM displays the relationship between the
ultimate failure modes of the defined fundamental outputs and the effect on the defined
operational modes. The matrix construction is unique to the two top-level matrices as
the input signals to the equipment and any component parts are not used in the formation
of the top-level matrices. The appropriate input signals are used in all other matrices.
The purpose of the two top-level matrices is to provide for ultimate failure effects and
for criticality calculation. The FMOMEM is usually created using only the defined
output signal mnemonics. The addition of the "from" part of the signal mnemonic should
be accomplished once the necessary information becomes available.

Figure  18  provides  an  example  of  the  form  of  a  FMOMEM.  It  should  be  noted  that 
the  mnemonics  for  the  various  defined  outputs  are  used  on  an  actual  FMOMEM  and  that 
the  various  failure  effects  are  represented  by  their  single  alphanumeric  codes. 

Figure 18. Failure Mode to Operating Mode by Effect Matrix (FMOMEM) Example

The single digit codes used within the sample matrix have the following meanings:

1.  The  failure  causes  a  complete  loss  of  operating  mode. 

2.  The  failure  severely  degrades  the  operating  mode. 

3.  The  failure  causes  the  operating  modes  to  be  degraded  slightly  -  the  failure  can 
be  compensated  for  or  the  degradation  is  so  slight  that  the  condition  is 
tolerable. 

4.  The  failure  will  cause  damage  to  system,  equipment,  or  related  system 
elements.  The  operating  mode  is  also  completely  inoperative. 

5. The failure is an indicator failure. It will be noticed by the operator but does
not  in  and  of  itself  represent  a  loss  of  equipment  function. 

The  top-level  matrix  can  also  be  used  to  key  in  commentary  or  explanatory 
material  which  cannot  easily  be  contained  within  a  matrix  technique.  The  information 
contained in the FMOMEM should all be available prior to the beginning of detailed
design.  The  necessary  information  is  dependent  on  the  analyst  possessing  a  thorough 
understanding  of  the  intended  purpose  and  functioning  of  the  proposed  equipment. 
Additionally,  the  analyst  will  need  a  complete  knowledge  of  the  system  into  which  the 
equipment  under  analysis  will  be  integrated.  It  should  be  noted  that  indicators  and  test 
points  are  outputs. 

Failure Mode to Operating Mode by Severity Matrix (FMOMSM) - This is the second
top-level matrix which needs to be developed by the analyst to support the ongoing
FMEA. If criticality and severity information is not required, this matrix is optional.
The FMOMSM duplicates the FMOMEM (Figure 18) in structure except that the severity
class  is  used  to  complete  the  matrix  rather  than  the  failure  effects  codes.  The  severity 
numbers  which  are  used  within  the  matrix  have  the  following  meaning: 

1. Catastrophic - A failure which may cause death or weapon system loss

2. Critical - A failure which may cause severe injury, major property
damage, or major system damage which will result in mission loss

3. Marginal - A failure which may cause minor injury, minor property
damage or minor system damage or which will result in delay
or loss of availability or mission degradation

4. Minor - A failure not serious enough to cause injury, property
damage, or system damage, but which will result in
unscheduled maintenance or repair.


The severity classification definitions are taken directly from MIL-STD-1629A and
thus are consistent with MIL-STD-882. These basic categories are usually used without
change. The analyst has the ability to add severity categories between the listed
categories to help refine the process but this should not generally be required.

The completion of the two high-level matrices concludes the assemblage of
fundamental  FMEA  data.  The  data  which  has  been  assembled  up  to  this  point  provides  a 
complete  and  coherent  picture  of  the  basic  system  structure  under  which  the  equipment 
will  be  designed  and  under  which  the  FMEA  will  be  performed.  The  information  which 
has  been  assembled  is,  however,  independent  of  a  hardware  specific  design.  This 
top-level  material  is  now  to  be  used  in  several  ways: 

- If the FMEA has been started as a part of a new design
  process, design guidelines providing guidance as to
  possible critical design failures, although optional,
  should be issued. The design guidelines will usually be
  restricted to safety concerns at this point by necessity.

- The original FMEA planning can now be finalized.
  The analyst should be able to determine which areas of
  the proposed equipment will require in-depth analysis
  with respect to the original planning.

- Since the FMEA needs to continue in step with the
  design program, it will often be necessary to assign
  multiple analysts to the FMEA. The top-level FMEA
  material provides a consistent baseline for all analysts.
  A central control over mnemonic use will still be
  needed, however. If additional personnel are required
  for the analysis, they can be assigned at this point.

6.3.2.7 Initial Activity Completion

The initial FMEA activity is complete with the preparation and release of design
guidelines  and  revision  of  the  FMEA  planning  as  required.  The  completion  of  the  initial 
FMEA  activity  can  occur  very  early  in  a  program,  often  as  early  as  the  end  of  the 
validation  program  phase.  This  allows  the  results  of  the  initial  FMEA  activity  to  be 
available  for  review  prior  to  the  start  of  full-scale  engineering  development.  On 
Government  procurements,  the  initial  FMEA  activity  should  be  required  for  review  in  a 
time frame concurrent with any preliminary design review or with a separate FMEA
conference  when  appropriate. 

6.3.3 INTERMEDIATE FMEA ACTIVITY

Intermediate or block diagram level FMEA activity can begin as soon as the initial
FMEA  activity  has  been  completed  and  the  design  of  hardware  has  commenced.  This 
usually  occurs  at  approximately  a  Preliminary  Design  Review  time  frame  but  can  occur 
as  early  as  the  start  of  Full-Scale  Engineering  Development.  The  intermediate  level  and 
detail  levels  (piece-part)  of  FMEA  activity  usually  occur  in  tandem.  This  is  due  to  the 
inherent differences in the rate of design progress for different areas of the circuitry.
While some parts of the circuitry have been defined to the piece-part level, other parts
of the circuitry under development will only have been designed to a block diagram level
of  detail. 

The  analysis  should  proceed  at  the  level  of  detail  which  is  available  for  a  given 
section  of  the  design.  This  often  requires  that  several  analysts  be  assigned  to  the  FMEA 
during the intermediate and detail levels of analysis due to the volume of design
information  being  developed.  It  is  important  that  the  analysis  keep  pace  with  the  design 
progress  so  that  a  maximum  benefit  is  obtained  from  the  analysis. 

The  intermediate  level  of  FMEA  analysis  has  several  purposes.  The  intermediate 
analysis  is  used  to  evaluate  equipment  reliability  potential,  safety  characteristics,  and 
the safety and testability adequacy of the design. The basic activities which are a part
of the intermediate level of FMEA activity are shown in Figure 19. The results of the
initial FMEA activity, along with an expanded mnemonics list and a revised or reviewed
failure modes/effects list are used to allow the development of an intermediate level
FMEA matrix analysis. The analysis then allows preliminary evaluations of test point
and built-in-test adequacy to be performed. Additionally, a preliminary identification of
severity classification 1 and 2 failures can be made and a revised (more directed) set of
design  guidelines  can  be  issued.  The  evaluations  are  preliminary  at  the  intermediate 
level  of  detail;  however,  most  design  problems  will  become  apparent  at  this  level  of 
detail  and  can  be  resolved  prior  to  the  start  of  piece-part  design. 

Figure 19. Intermediate FMEA Activity

6.3.3.1 Mnemonics

The assignment of mnemonics will continue throughout the period of intermediate
FMEA  activity.  As  each  subdivision  of  the  developing  hardware  structure  is  identified,  it 
should  be  assigned  a  mnemonic  which  will  serve  as  its  reference  throughout  the  analysis. 
Similarly,  the  signals  which  are  identified  should  be  assigned  a  mnemonic  reference  as 
early  as  possible. 

If  more  than  one  analyst  is  being  used  to  perform  the  FMEA,  one  of  the  analysts 
will  need  to  be  assigned  the  responsibility  of  assigning  or  issuing  mnemonics  for  all  of  the 
FMEA  activity.  It  will  be  necessary  to  limit  the  assignment  responsibility  to  one 
individual to prevent duplication of mnemonic assignment. It is relatively easy to end up
with either two mnemonics assigned to one signal or assembly or one mnemonic assigned
to two assemblies or signals. The accurate assignment of mnemonics is crucial to
assuring the traceability of the FMEA information which is developed. The mnemonics
are used to provide the means of tracing from the output of one assembly to the input of
the assembly at the next highest level of indenture.

The  assignment  of  mnemonics  is  generally  concluded  as  a  part  of  the  intermediate 
FMEA  activity.  All  hardware  subdivisions  and  interface  signals  are  usually  identified 
prior  to  the  start  of  detailed,  piece-part  design.  It  is  often  necessary,  however,  to  assign 
at  least  some  mnemonics  fairly  late  in  the  design  process  due  to  circuitry  changes  which 
occur  as  the  result  of  testing  and  perhaps  the  FMEA  itself. 
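
The mnemonic bookkeeping described in the Mnemonic Assignment discussion and in this section can be kept in a small program rather than a card index. The following is an added example, not code from the report: it keeps the two cross reference lists, rejects both duplication errors, and builds and decodes full mnemonics using the report's AACAAABAAB example. The from-signal-to ordering is inferred from that example; the reserved code `EXT`, the bus code `BUS1`, the placeholder entries and all class and function names are assumptions.

```python
from dataclasses import dataclass, field
from itertools import product
from string import ascii_uppercase

FROM_TO_LEN, SIGNAL_LEN = 3, 4   # the 3-4-3 structure assumed in the text
EXTERNAL = "EXT"                 # hypothetical reserved from/to code (outside the equipment)


class MnemonicError(ValueError):
    """An assignment or lookup that would break traceability."""


def _norm(title):
    return " ".join(title.upper().split())


@dataclass
class CrossReference:
    """One cross reference list; codes and titles are unique in both directions."""
    width: int
    by_code: dict = field(default_factory=dict)    # mnemonic -> title
    by_title: dict = field(default_factory=dict)   # title -> mnemonic

    def assign(self, code, title):
        code, key = code.upper(), _norm(title)
        if len(code) != self.width or not code.isalnum():
            raise MnemonicError(f"{code!r} is not {self.width} alphanumeric characters")
        if self.by_code.get(code, key) != key:       # one mnemonic for two items
            raise MnemonicError(f"{code} is already assigned to {self.by_code[code]!r}")
        if self.by_title.get(key, code) != code:     # two mnemonics for one item
            raise MnemonicError(f"{key!r} already has mnemonic {self.by_title[key]}")
        self.by_code[code], self.by_title[key] = key, code
        return code

    def assign_next(self, title):
        """Sequential assignment: the first unused code in AAA, AAB, AAC ... order."""
        key = _norm(title)
        if key in self.by_title:
            return self.by_title[key]
        for letters in product(ascii_uppercase, repeat=self.width):
            code = "".join(letters)
            if code not in self.by_code:
                return self.assign(code, title)
        raise MnemonicError("no unused codes remain")


class Catalogue:
    """Assembly list, signal list and the separate list of bus attachment points."""

    def __init__(self):
        self.assemblies = CrossReference(FROM_TO_LEN)
        self.signals = CrossReference(SIGNAL_LEN)
        self.bus_points = {}   # bus signal code -> set of attached assembly codes
        self.assemblies.assign(EXTERNAL, "Outside the equipment under analysis")

    def full(self, frm, signal, to):
        """Build the full from-signal-to mnemonic from already assigned parts."""
        for code, ref in ((frm, self.assemblies), (signal, self.signals), (to, self.assemblies)):
            if code not in ref.by_code:
                raise MnemonicError(f"{code} has not been assigned")
        return frm + signal + to

    def parse(self, mnemonic):
        """Split a full mnemonic and resolve each part through the lists."""
        if len(mnemonic) != 2 * FROM_TO_LEN + SIGNAL_LEN:
            raise MnemonicError(f"{mnemonic!r} is not a 3-4-3 mnemonic")
        frm = mnemonic[:FROM_TO_LEN]
        signal = mnemonic[FROM_TO_LEN:FROM_TO_LEN + SIGNAL_LEN]
        to = mnemonic[FROM_TO_LEN + SIGNAL_LEN:]
        self.full(frm, signal, to)
        return {"from": self.assemblies.by_code[frm],
                "signal": self.signals.by_code[signal],
                "to": self.assemblies.by_code[to],
                "fundamental_io": EXTERNAL in (frm, to)}

    def attach_bus(self, bus_signal, assembly):
        """Record one attachment point of a multi-source digital bus."""
        if bus_signal not in self.signals.by_code or assembly not in self.assemblies.by_code:
            raise MnemonicError("bus code and assembly must be assigned first")
        self.bus_points.setdefault(bus_signal, set()).add(assembly)
        return sorted(self.bus_points[bus_signal])


def build_sample():
    """Constructed lists; only AAB, AAC and AAAB correspond to the report's example."""
    cat = Catalogue()
    cat.assemblies.assign_next("Placeholder Assembly (constructed)")   # AAA
    cat.assemblies.assign_next("Frequency Synthesizer Assembly")       # AAB
    cat.assemblies.assign_next("Digital Decoder Assembly")             # AAC
    cat.signals.assign_next("Placeholder Signal (constructed)")        # AAAA
    cat.signals.assign_next("High Speed Select Logic")                 # AAAB
    cat.signals.assign("BUS1", "Data Bus 1 (constructed)")             # special-use bus code
    return cat
```

With several analysts, only the individual responsible for issuing mnemonics would call `assign` or `assign_next`; everyone else reads the lists through `full` and `parse`.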

6.3.3.2  Signal  Failure  Modes/Effects 

The signal failure modes/effects which were previously established during the
initial FMEA phase should be reviewed for adequacy and revised as needed to allow the
analysis  to  proceed.  The  number  of  changes  which  are  necessary  at  this  point  will 
depend  on  the  specific  equipment  and  analyst.  Normally  very  few  changes  should  be 
required.  Often,  the  entire  analysis  can  be  performed  without  modifying  the  standard 
list  (given  in  Figure  16). 

The  use  of  the  standard  signal  failure  modes  generally  over-identifies  the  number 
of failure modes which are actually possible in the finished design. As design detail
becomes available some of the failure modes will be excluded as a function of the design
methodology used. This is not a drawback as it allows the analyst to identify those
failure modes which have the potential for contributing to catastrophic failures very
early  in  the  design  process.  This  can  allow  the  failure  mode  to  be  deliberately  designed 
out.  It  is  necessary,  however,  for  the  analyst  to  review  the  developed  matrix  analysis,  as 
the  level  of  design  detail  increases,  and  to  remove  those  modes  of  failure  which  have 
been  designed  out  of  the  equipment  at  lower  levels,  from  the  higher  level  analyses. 


After  the  development  of  adequate  mnemonics  and  signal  failure  modes  to  support 
the analysis of a given section of circuitry, the analyst can begin to develop the
intermediate level matrix. The matrix analysis at the intermediate level is an iterative
analysis. The matrix can be expected to undergo a considerable amount of change due to
the results of the analysis and the ongoing design process. It will ordinarily be necessary
to modify the test point and built-in-test information as the analyst helps guide the
design  toward  providing  an  adequate  diagnostic  capability  with  a  minimum  of  ambiguity. 


Intermediate  Matrix  Structure  -  The  basic  construction  of  the  matrix  at  the  intermediate 
level  is  shown  in  Figure  20.  The  example  matrix  shown  is  based  on  the  block  diagram 
shown in Figure 21. This matrix is similar in structure to the example matrix of Figure
7.  The  most  significant  change  is  the  replacement  of  the  piece-parts  along  one  side  of 
the  matrix  with  circuitry  block  designators.  In  practice,  when  performing  a  matrix 
FMEA  of  this  type  by  hand  it  is  advisable  to  use  one  matrix  to  contain  both  the 
piece-part  and  block  diagram  levels  of  detail.  This  keeps  the  analyst  from  having  to 
develop  and  complete  a  separate  matrix  form  at  each  level  of  analysis.  When  using  the 
automated  technique,  the  block  diagram  level  of  detail  matrix  is  gradually  replaced  by 
the  piece-part  level  of  detail  matrix  as  the  design  detail  becomes  available. 


Intermediate Matrix Completion - The analyst completes the intermediate level FMEA
matrix by analyzing the proposed design approach to determine the effect of each failure
mode of an incoming signal or circuitry block on the subassembly outputs. The analyst
then places the letter code representing the appropriate failure effect at the
intersection point of the failure mode and the appropriate output. This process is
continued until all the incoming signals and circuit blocks have been analyzed for all
potential failure modes and the appropriate failure effects have been logged against the
affected outputs. The analyst must also enter the effect of the failure on any
appropriate identified test points as a part of the analysis. Additionally, if the failure
could be expected to activate any built-in-test monitors which are a part of the circuitry
of the subassembly under analysis, the built-in-test column of the matrix should have a
"Y" entered. If the failure being analyzed has a severity effect above a classification of
4, at this assembly level, the severity column should be completed with the appropriate
severity level number. When remarks are necessary, a reference number to the
appropriate comment should be marked and the comment included below the matrix.


ASSEMBLY NAME: EXAMPLE ASSEMBLY
ASSEMBLY MNEMONICS: EXA

SIGNAL MNEMONICS:
ATNS - ANALOG THRESHOLD DRIVE SIGNAL (ANALOG)
ACL0 - ANALOG CONTROL LOGIC 0 (DIGITAL)
ACL1 - ANALOG CONTROL LOGIC 1 (DIGITAL)
ACL2 - ANALOG CONTROL LOGIC 2 (DIGITAL)
ACL3 - ANALOG CONTROL LOGIC 3 (DIGITAL)
ACL4 - ANALOG CONTROL LOGIC 4 (DIGITAL)
ACL5 - ANALOG CONTROL LOGIC 5 (DIGITAL)
TPDS - THRESHOLD PEAK DETECT SIGNAL (ANALOG)
ATDO - ANALOG THRESHOLD DRIVE D.C. EQUIVALENT (ANALOG)

Figure 21. Example of Intermediate-Level Block Diagram


Test  Point  Evaluation  -  The  analyst  fills  in  the  effects  on  identified  test  points  as  a 
part  of  the  development  of  the  intermediate  level  matrix.  These  effects  are  not 
necessarily  the  same  as  the  effects  on  the  appropriate  circuit  outputs.  The  analyst 
should  enter  the  effect  as  it  is  seen  at  the  test  point,  not  the  effect  on  the  measured 
signal.  The  analyst  must  consider  test  point  effects  with  some  care.  A  failure  which 
changes  a  test  point  to  a  value  which  may  be  within  the  range  of  measurement  variance 
for the equipment population, or for the test equipment which will be used, should be
considered  as  having  no  effect.  Basically,  the  analyst  should  enter  test  point  failure 
effects  with  respect  to  the  expected  ability  of  a  technician  in  the  field  to  locate  a 
failure  using  readily  available  test  equipment  on  the  basis  of  the  symptoms  available  at 
the  test  points.  The  skill  levels  of  the  expected  operators  and  maintenance  personnel 
should  be  considered  in  all  cases.  This  results  in  a  somewhat  subjective  evaluation  being 
performed;  however,  a  partially  subjective  analysis  is  preferable  to  identifying  test  point 
effects  which  cannot  be  actually  detected  in  the  field  use  environment. 

Built-in-Test - The built-in-test (BIT) column of the matrix should be marked with
a "Y" if the failure mode being analyzed activates a built-in-test monitor circuit on this
subassembly.  The  BIT  column  should  be  left  blank  if  the  failure  is  not  detected  by 
built-in-test  or  if  the  built-in-test  detection  occurs  at  some  other  hardware  level  of 
indenture.  This  will  allow  a  complete  picture  of  the  overall  diagnostic  capability  of  the 
built-in-test  circuits  to  be  developed.  When  the  built-in-test  information  is  combined 
with the test point information, a complete evaluation of the diagnostic adequacy of the
design  is  possible. 

Failure  Severity  -  The  analyst  should  judge  the  effects  of  the  failure  being 
analyzed  for  severity  class.  If  the  failure  causes  an  effect  with  a  severity  classification 
of  1,  2,  or  3,  then  the  analyst  should  enter  that  severity  classification  number  at  the 
junction  of  the  SEVERITY  column  and  the  appropriate  failure  mode  row.  A  failure 
severity  classification  of  4  is  ordinarily  considered  a  default  and  need  not  be  entered. 
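
Once the output, test point, BIT and severity columns are filled in, the diagnostic evaluation described above can be read off the matrix mechanically. The following is an added example, not the report's automated technique: it loads a constructed intermediate matrix and lists failure modes that affect an output but show at no test point and trip no BIT monitor, groups of different sources that present identical test point and BIT symptoms, and the severity 1 and 2 entries. The signal mnemonics are borrowed from Figure 21, but their roles as inputs or outputs, the block names `BLK1`/`BLK2`, the test points `TP1`/`TP2` and every matrix entry are assumptions.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

DEFAULT_SEVERITY = 4            # class 4 is the default and is left blank on the matrix

# Constructed sample: column roles and all entries are assumptions.
OUTPUTS = ("ATNS", "ATDO")
TEST_POINTS = ("TP1", "TP2")
MATRIX = """\
SOURCE,MODE,ATNS,ATDO,TP1,TP2,BIT,SEV
ACL0,1,H,H,H,,,
ACL0,0,L,L,L,,,
ACL1,1,H,H,H,,,
TPDS,N,N,N,,N,Y,2
BLK1,S,N,N,N,N,Y,1
BLK2,E,E,,,,,3
BLK2,L,L,L,,,,
"""


@dataclass(frozen=True)
class Row:
    source: str          # incoming signal or circuitry block
    mode: str            # failure mode code from the standard list
    outputs: tuple       # ((output, effect code), ...) for non-blank cells
    test_points: tuple   # ((test point, effect code as seen at the point), ...)
    bit: bool            # "Y" in the BIT column
    severity: int


def _cells(record, columns):
    # A blank cell means no effect, including a shift that stays inside measurement variance.
    return tuple((c, record[c].strip()) for c in columns if record[c].strip())


def load(text, outputs=OUTPUTS, test_points=TEST_POINTS):
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        sev = rec["SEV"].strip()
        rows.append(Row(rec["SOURCE"], rec["MODE"],
                        _cells(rec, outputs), _cells(rec, test_points),
                        rec["BIT"].strip().upper() == "Y",
                        int(sev) if sev else DEFAULT_SEVERITY))
    return rows


def undetected(rows):
    """Failure modes that change an output but give no test point or BIT symptom."""
    return [(r.source, r.mode) for r in rows
            if r.outputs and not r.test_points and not r.bit]


def ambiguity_groups(rows):
    """Detected failures from different sources that look the same to a technician."""
    groups = defaultdict(list)
    for r in rows:
        if r.test_points or r.bit:
            groups[(r.test_points, r.bit)].append((r.source, r.mode))
    return [members for members in groups.values()
            if len({source for source, _ in members}) > 1]


def high_severity(rows):
    """Preliminary list of severity classification 1 and 2 failures."""
    return sorted((r.severity, r.source, r.mode) for r in rows if r.severity <= 2)
```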


6.3.3.4  Intermediate  Analysis  Outputs 

The  intermediate  level  of  FMEA  analysis  can  be  used  for  several  purposes.  The 
basic  reliability  characteristics  of  the  equipment  can  be  defined  at  the  intermediate 
analysis  level.  The  analyst  can  also  identify  the  sources  of  potentially  catastrophic 
failures  at  an  early  enough  design  stage  to  allow  identified  problems  to  be  easily  resolved 
without  increasing  design  costs  or  impacting  schedules.  Initial  evaluations  of  test  point 
and  built-in-test  adequacy  are  also  possible  at  the  intermediate  level  of  analysis. 

Matrix  Outputs  -  The  completed  intermediate  level  matrices  yield  a  reasonably  complete 
assessment  of  the  equipment  reliability  potential.  The  analyst  should  be  able  to 
ascertain  which  low-level  failure  modes  produce  significant  failure  effects  and  which 
low-level  failure  modes  do  not  have  significant  reliability  impact.  This  will  help  assure 
that  the  reliability  of  the  equipment  is  correctly  evaluated  and  that  a  best  case  design 
tradeoff  is  obtained.  It  is  usually  not  possible  to  exactly  quantify  the  reliability  of  the 
equipment  under  analysis  at  this  stage  as  the  needed  piece-part  detail  may  not  be 
available.  The  intermediate  analysis  will  provide  the  necessary  information  for 
reliability  evaluation  to  proceed  once  reliability  calculations  can  be  achieved  at  the 
component  level.  It  is  not  usually  necessary  to  extend  the  FMEA  itself  to  a  piece-part 
level  of  detail  to  assure  correct  reliability  evaluation. 

Test  Point  and  Indicator  Adequacy  Assessment  -  The  adequacy  of  equipment  test  points 
and  indicators  can  be  evaluated  at  the  intermediate  level  of  FMEA  analysis.  The 
evaluation  is  somewhat  subjective  and  is  only  valid  in  assessing  adequacy  with  respect  to 
the  flight  line  and  intermediate  levels  of  maintenance.  This  is  not  usually  a  drawback  as 
depot  technicians  tend  to  have  specialized  test  equipment  available  which  will  not  be 
defined  as  early  in  a  program  as  an  FMEA  is  performed.  Thus,  accurate  depot  level  test 
point  assessment  is  usually  difficult  or  impossible  during  an  FMEA.  If  the  FMEA  is  not 
going  to  be  performed  at  the  piece-part  level  of  detail,  the  analyst  should  follow  the 
procedure  given  for  the  test  point  adequacy  assessment  under  Section  6.3.4.3,  detailed 
analysis. 

Built-in-Test  Evaluation  -  The  numerical  evaluation  of  built-in-test  adequacy  proceeds  in 
a  manner  which  duplicates  that  given  under  the  detailed  analysis  Section  6.3.4.2.  The 
analyst  proceeds  as  though  performing  the  full-scale  analysis  except  that  the  level  of 
detail  of  the  reliability  calculations  is  less  than  optimum  and  thus  the  overall  confidence 
in  the  calculation  accuracy  is  reduced.  The  block  diagram  results  are,  however, 
adequate  for  almost  all  programs. 

Criticality  Analysis  -  Criticality  calculations  can  proceed  in  accordance  with  the 
MIL-STD-1629A  requirements  for  the  detailed  analysis  (Section  6.3.4.3).  The  level  of 
detail  accuracy  is  reduced  somewhat  but  should  be  completely  adequate  for  most 
programs.  If  the  analysis  has  not  identified  any  severity  category  1  or  2  failures,  the 
analyst  should  consider  eliminating  criticality  calculations  from  the  analysis  outputs. 
The  exercise  would  be  largely  non-productive  if  no  catastrophic  failure  modes  have  been 
identified. 

Design  Guidelines  -  As  the  analyst  completes  the  analysis  of  each  successive  equipment 
subsection  he  should  revise  the  design  guidelines  which  were  produced  during  the  Initial 
FMEA  activity  to  assure  that  the  necessary  guidance  to  identify  and  eliminate  any 
potentially  catastrophic  failures  is  included.  This  sometimes  requires  that  guidelines  be 
developed  which  are  peculiar  to  each  assembly  or  subassembly.  The  update  to  the  design 
guidelines  should  occur  even  when  the  analysis  is  not  going  to  progress  below  the 
intermediate  level. 


6.3.3.5  Completion  of  Intermediate  FMEA  Analysis 

Once  the  intermediate  FMEA  is  completed,  the  analyst  should  evaluate  the 
necessity  to  proceed  to  the  piece-part  level  of  detail.  Even  in  equipment  with  numerous 
catastrophic  failure  modes,  it  should  only  be  necessary  to  analyse  those  sections  of  the 
equipment  which  have  been  identified  as  contributors  to  the  catastrophic  failures,  to  the 
piece-part  level  of  detail.  Almost  all  the  potential  benefits  of  the  FMEA  process  can  be 
obtained  at  the  intermediate  level  of  analysis  while  keeping  the  cost  of  the  analysis 
much  lower.  There  is,  however,  probably  no  effective  way  to  keep  the  FMEA  level  of 
detail  above  the  detailed  block  diagram  level  without  sacrificing  significant  benefits 
from  the  analysis. 


6.3.4  DETAIL  LEVEL  FMEA  ACTIVITY 

Once  the  block  diagram  or  intermediate  level  of  analysis  is  complete  for  an 
assembly  and  the  necessary  design  detail  is  available,  the  analysis  can  be  performed  at 
the  detail  or  piece-part  level.  The  detail  level  of  analysis  is  the  most  accurate  and 
thorough  FMEA  which  can  be  performed.  This  level  of  detail  requires  a  significant 
expenditure  in  both  time  and  cost  to  complete.  The  level  of  detail  involved  in  piece-part 
level  analysis  is  necessary  in  cases  where  the  potential  for  catastrophic  failure  modes 
exists.  However,  the  analyst  should  carefully  consider  the  benefits  to  be  gained  before 
expending  the  effort  required  to  perform  piece-part  analysis. 

When  piece-part  analysis  is  required,  it  may  be  advantageous  to  assign  the  task  to 
the  cognizant  design  engineer  for  the  piece-part  detail.  The  circuit  designer  is  usually 
the  individual  with  the  greatest  working  understanding  of  the  circuit  under  analysis,  thus 
minimizing  the  labor  expenditure  required  to  complete  the  analysis.  When  the  circuit 
designer  is  assigned  to  perform  the  piece-part  level  or  detail  FMEA,  he  will  normally 
require  the  assistance  of  a  knowledgeable  specialty  engineer.  The  use  of  circuit  design 
engineers  to  assist  in  the  piece-part  level  FMEA  is  especially  attractive  when  using  the 
automated  tool.  The  automation  package  helps  to  minimize  the  clerical  impact  which 
has  traditionally  been  associated  with  the  analysis. 


6.3.4.1  Detail  Level  Matrix  Development 


The  detail  matrix  analysis  is  performed  on  assemblies  and  subassemblies  once  the 
necessary  level  of  design  detail  is  available.  The  analysis  is  performed  separately  on 
each  subsection  of  the  equipment,  allowing  the  analysis  to  remain  in  phase  with  the 
equipment  design  at  all  times. 

The  analyst  needs  to  carefully  consider  the  hardware  breakdown  structure  being 
utilised  for  the  analysis.  The  structural  breakdown  used  for  FMEA  purposes  should 
duplicate  the  physical  hardware  structure  whenever  possible.  When  the  physical 
hardware  structures  are  too  large  or  complex  to  be  analyzed  as  a  single  unit,  alternative 
analysis  structuring  schemes  can  be  used.  In  all  cases,  the  analyst  should  ensure  that  the 
selected  structures  do  not  cross  physical  hardware  partitions.  An  FMEA  breakdown 
structure  which  crosses  hardware  partitions,  such  as  a  structure  which  consists  of 
circuitry  which  is  contained  partially  on  two  cards,  prohibits  accurate  test  point  analysis 
for  maintainability  use  within  the  technique. 

Detail  Matrix  Structure  -  The  structure  of  the  matrix  used  for  detailed  level  analysis 
exactly  duplicates  that  shown  in  Figure  7.  The  top  of  the  matrix  is  formed  by  the 
substructure  outputs,  test  points,  indicators,  BIT  detected,  comment,  severity,  failure 
rate,  and  failure  mode  percentage  columns.  The  side  of  the  matrix  is  formed  by  the 
substructure  inputs,  parts,  and  their  appropriate  failure  modes.  It  is  sometimes  desirable 
to  include  parts  detail  where  needed,  on  the  same  forms  used  for  intermediate  level 
analysis.  This  is  an  acceptable  practice;  however,  the  analyses  are  separate  and  should 
not  be  allowed  to  influence  each  other.  The  analysis  at  each  level  should  be  an  exercise 
in  inductive  logic.  The  inclusion  of  parts  level  detail  on  the  same  form  as  block  diagram 
level  information  is  not  advantageous  or  possible  when  using  the  automation  package. 

Detailed  Matrix  Completion  -  The  matrix  is  completed  in  the  same  manner  as  was  used 
for  the  intermediate  level  FMEA  matrix.  The  analyst  examines  the  finished  design  for 
the  effect  of  each  possible  failure  of  each  input  signal  and  each  part  on  the  outputs  of 
the  assembly  being  analyzed.  The  effect  code  which  is  representative  of  the  effect  of 
the  failure  is  then  entered  at  the  intersection  of  the  affected  output  signal  and  the 
failure  mode  being  analyzed.  The  analyst  also  enters  the  appropriate  effect  code  under 
any  affected  test  points,  indicates  built-in-test  activation  if  appropriate,  indicates 
failure  severity  (if  greater  than  4),  provides  a  numeric  key  to  any  needed  comments,  and 
enters  the  appropriate  part  failure  rate  and  mode  percentage.  The  appropriate  part 
failure  rates  should  be  calculated  in  accordance  with  MIL-HDBK-217.  Input  signals  are 
assigned  a  failure  rate  of  zero  as  the  failure  rate  associated  with  the  fundamental  cause 
of  any  input  signal  failure  would  be  assessed  on  the  assembly  where  the  failure  occurred. 
The  fundamental  inputs  can  be  assigned  a  failure  rate,  which  is  appropriate,  as  no 
information  on  the  rate  of  failure  cause  is  available  within  the  FMEA. 

Component  Failure  Modes  -  The  potential  effects  of  the  various  component  failure 
modes  on  the  circuit  being  analyzed  need  to  be  assessed  and  recorded  within  the  matrix. 
Each  of  the  individual  component  failure  modes  can  potentially  have  a  different  effect 
on  the  circuit  outputs.  Also,  the  various  failure  modes  can  have  a  different  rate  of 
occurrence,  which  will  impact  criticality  calculations.  The  relative  frequency  of 
occurrence  of  the  various  possible  component  failure  modes  can  also  be  expected  to  vary 
with  the  anticipated  environmental  exposure  for  the  equipment.  The  analyst  performing 
a  piece-part  level  analysis  should  use  sources  of  component  failure  mode  data  which 
correspond  to  the  type  of  equipment  under  analysis  when  such  sources  are  available. 

When  this  information  is  not  available  to  the  analyst,  the  failure  mode  treatment  of  the 
following  paragraphs  is  suggested. 

Two  Terminal  Devices  -  The  failure  modes  of  two  terminal  devices  can  be 
limited  to  the  treatment  of  open  and  shorted  devices.  While  this  does  not  represent  all 
possible  failure  modes  for  the  wide  variety  of  devices  available,  it  does  allow  the  most 
common  and  catastrophic  failures  to  be  analyzed.  The  failure  modes  being  considered 
have  been  limited  to  short  and  open  with  each  failure  mode  being  assessed  a  percentage 
of  50  percent.  Less  common  failure  modes,  such  as  tolerance  drift,  are  more  properly  a 
part  of  a  worst  case  analysis. 

Relays  -  The  failure  modes  to  be  considered  for  relays  are  constrained  to 
analysis  of  a  coil  open  condition,  a  coil  shorted  condition,  and  stuck  open  and  stuck 
closed  for  each  of  the  discrete  contact  sets.  Combined  failure  modes  which  would  involve 
contacts  which  become  electrically  conductive  to  the  relay  coil  or  to  other  relay  contact 
sets  should  be  considered  too  unlikely  to  require  analysis.  The  failure  mode  probabilities 
should  be  assessed  as  50  percent  coil  failures  and  the  remaining  fifty  percent  equally 
assigned  between  the  contact  sets. 

Connectors  -  Connectors  are  not  assessed  failure  modes  as  a  part  of  the 
advanced  matrix  technique.  The  individual  signals  which  pass  through  the  connector  will 
have  numerous  failure  effects  associated  with  them,  including  shorts  and  opens.  The 
mode  of  failure  during  operation  which  is  dominant  for  connectors  is  one  of  an  open 
connection.  Since  the  impact  of  the  open  connection  will  have  already  been  assessed  as 
a  function  of  the  failure  mode  open  for  the  relevant  signal,  there  is  no  reason  to 
duplicate  the  analysis  for  the  connector.  There  is  one  type  of  induced  failure  associated 
with  connectors  which  is  not  included  in  FMEA  using  the  advanced  matrix  technique.  Bent 
connector  pins  which  short  to  adjacent  pins  are  not  considered.  This  type  of  failure, 
which  is  induced  by  maintenance  instead  of  being  caused  by  component  breakdown, 
results  in  effects  which  can  violate  the  signal  paths  designed  into  the  system  under 
analysis.  This  results  in  failure  effects  which  are  not  traceable  using  the  advanced 
matrix  technique.  The  analysis  of  bent  connector  pins  can  be  handled  as  a  separate, 
tabular  FMEA. 

Discrete  Semiconductors  -  Transistors  are  assessed  failure  modes  on  the  basis 
of  shorts  and  opens  between  the  device  terminals.  The  common  transistor  would  be 
assessed  the  failure  modes  of  shorted  B-E,  open  B-E,  shorted  B-C,  open  B-C,  shorted 
C-E,  and  open  C-E.  Other  multi-terminal  semiconductor  devices  should  be  assessed  open 
and  short  conditions  which  are  appropriate  for  the  specific  device. 

Microcircuits  -  The  broad  category  of  components  which  comprises 
microcircuits  requires  a  specialized  treatment.  The  approach  is  to  assess  the  impact  of 
potential  failures  as  accurately  as  possible  without  attempting  to  assess  so  many  cases  as 
to  extend  the  analysis  unreasonably.  The  microcircuits  are  considered  to  belong  to  one 
of  four  basic  categories  with  respect  to  the  FMEA  piece-part  analysis.  The  categories 
are  the  discrete  digital  function  devices,  discrete  analog  devices,  the  bus  structured 
devices,  and  the  microcomputer  functional  devices. 

The  discrete  digital  function  devices  are  those  microcircuits  which  provide  a 
discrete  digital  functional  output  on  a  pin.  Devices  which  are  a  part  of  this  grouping 
include  NAND  gates,  AND  gates,  OR  gates,  flip  flops,  etc.  These  devices  should  be 
assessed  for  stuck  at  zero,  and  stuck  at  one  failures  at  each  function  output  pin. 
Devices  which  are  three  state  logic  should  also  be  assessed  for  stuck  at  high  impedance 
failures.  The  failure  mode  percentages  should  be  assumed  to  be  evenly  distributed  unless 
the  analyst  has  a  source  of  failure  mode  data  for  the  part  being  analyzed  which  indicates 
a  different  distribution. 

The  discrete  analog  devices  include  all  analog  functions  including  the  D  to  A 
converter.  Devices  which  are  a  part  of  this  grouping  include  operational  amplifiers, 
three  terminal  regulators,  voltage  comparators,  D  to  A  converters,  and  specialized  or 
custom  microcircuits  which  produce  a  discrete  analog  output.  The  failure  modes  which 
should  be  assessed  with  respect  to  the  analog  discrete  devices  are  stuck  at  high  output 
limit  and  stuck  at  low  output  limit.  The  devices  would  be  assumed  to  acquire  the  value 
of  the  appropriate  incoming  power  supply  limit.  The  two  failure  modes  can  be  assumed 
to  be  equally  likely  for  computing  failure  mode  probabilities. 

The  bus  structured  microcircuits  include  those  digital  microcircuits  whose  outputs 
are  functionally  related  to  one  another.  These  are  devices  where  a  failure  can  be 
reasonably  expected  to  affect  more  than  one  pin  at  a  time  in  at  least  some  cases.  The 
output  pins  of  such  devices  must  be  treated  as  a  functional  entity.  These  devices  are 
assessed  the  failure  modes  of  incorrect  word  output  and  each  discrete  output  pin  stuck  at 
one,  stuck  at  zero,  and  for  three  state  devices,  stuck  at  high  impedance. 

Microcomputer  functional  devices  are  generally  assessed  as  a  part  of  a 
microcomputer  system  structure  and  not  at  the  piece-part  level.  The  devices  which  are 
included  in  this  classification  include  microprocessors,  microcomputers,  RAMs,  ROMs, 
peripheral  interface  adapters,  etc.  When  such  devices  are  used  outside  of  a 
microprocessor  or  microcomputer  structure  they  should  be  treated  as  bus  structured 
microcircuits.  When  used  in  the  context  of  a  microprocessing  structure  they  should  not 
be  assessed  at  the  piece-part  level  due  to  the  number  of  possible  states  which  must  be 
analyzed. 

Microcomputer  and  Modern  Digital  Architectures  -  The  complexity  of  the  modern 
digital  circuitry  represents  a  significant  challenge  to  the  ability  to  perform  FMEA.  The 
complexity  of  modern  digital  piece  parts  can  exceed  that  of  entire  systems  which  were 
produced  under  older  technologies.  The  ability  to  analyze  this  circuitry  at  the  piece  part 
level  is  constrained  by  the  tremendous  number  of  individual  failures  which  may  have  to 
be  considered.  A  modern  microprocessor  architecture  provides  an  illustration. 

As  an  example  a  sample  microprocessor  application  based  on  the  8080A  is 
considered  in  Figure  22. 

The  complexity  of  assessing  microprocessor  and  support  circuitry  failure  modes  is 
evident.  Within  the  system  shown  several  broad  categories  of  failures  are  possible  which 
affect  the  total  system  operation: 

•  Microprocessor  failures 

•  System  controller  failures 

•  Memory  failures  (ROM  or  RAM) 

•  Interrupt  circuitry  errors 

•  I/O  errors 

•  Timing  and  clock  errors 

If  we  consider  some  of  the  possible  types  of  failures,  some  concept  of  the  problem 
can  be  gained.  Failures  of  any  microcircuit  connected  to  the  address  bus  can  cause  any 
one  of  65,536  failure  conditions  (2^16  for  a  16  bit-wide  bus  structure).  Similarly,  failures 
on  the  control  bus  provide  another  2^6  possible  conditions,  while  the  data  bus 
can  provide  another  2  possibilities.  Each  of  the  possible  conditions  must  be  analyzed 
with  respect  to  microprocessor  state  and  software  and  to  the  state  of  circuitry  external 
to  the  microprocessor  system. 

The  method  of  handling  microprocessor  based  equipment  which  is  used  within  the 
standardized  technique  relies  on  a  higher  level  of  treatment  of  the  output.  Consider  that 
the  8080  is  an  eight-bit  microprocessor,  which  is  small  by  the  current  industry 
standards.  The  implementation  of  16-  and  32-bit  architecture  processors  has  begun.  The 
assessment  of  failure  condition  for  a  32-bit  bus  structure  requires  that  approximately 
four  billion  possible  states  be  examined.  This  is  clearly  outside  the  realm  of  reasonable 
possibility,  yet  32-bit  architectures  are  likely  to  become  very  common  in  military 
hardware  which  is  developed  in  the  next  ten  years. 

The  method  of  handling  microprocessor  type  failures  within  the  advanced  matrix 
technique  is  to  analyze  the  failure  possibilities  at  a  higher  level  of  analysis.  The 
microcomputer  structure  failure  is  dealt  with  at  the  outputs  of  the  system  structure. 
The  entire  microprocessor  or  microcomputer  subsystem  is  treated  as  though  it  were  one 
component  piece-part  of  the  bus  structured  type.  The  bus  is  then  assumed  to  have  the 
failure  modes  of  wrong  word  on  the  output  bus  and  of  each  individual  line  stuck-at-zero, 
stuck-at-one,  and  for  tri-state  devices,  stuck-at-high  impedance. 

Software  FMEA  is  a  relatively  new  analysis  and  is  not  yet  well  defined  in  technique 
or  application.  The  methods  necessary  to  allow  software  FMEA  are  expected  to  be 
developed  over  the  next  several  years  as  software  and  firmware  based  systems  become 
more  prevalent.  The  Advanced  Matrix  Technique  does  not  provide  a  methodology  for 
software  analysis.  Microprocessor  based  systems  are  analyzed  at  a  level  above  piece 
part  analysis.  This  method,  while  not  assessing  the  probability  of  software  induced 
failure  effects,  should  at  least  allow  identification  of  the  potential  of  some 
hardware/software  failure  mix  causing  a  catastrophic  failure  effect  when  such  an  effect 
is  possible.  The  degree  of  control  over  the  potential  failure  and  the  probability  of  the 
failure  remain  undefined. 

6.3.4.2  Built-in-Test  Assessment 

The  development  of  built-in-test  information  is  possible  as  part  of  the  FMEA 
process;  however,  this  is  a  somewhat  tedious  process  using  manual  methods.  The 
development  of  this  information,  using  the  automated  aid  described  in  Section  7,  is 
relatively  simple. 


The  analyst  should  begin  the  BIT  analysis  effort  by  completing  a  form  similar  to 
that  shown  in  Figure  23  for  each  assembly  and  subassembly  in  the  FMEA.  The  form  lists 
the  circuit  designator  of  each  potential  failed  component  along  with  the  failure  mode, 
component  failure  rate,  and  appropriate  mode  rate  percentage.  The  previously 
completed  FMEA  matrix  is  then  referenced  to  determine  whether  the  failure  is  BIT 
detected  or  not.  For  most  components  this  is  simply  extracted  from  the  assembly 
matrix.  Some  component  failures,  though,  will  require  that  the  analyst  trace  the  failure 
upward  through  the  hardware  indentured  matrices  to  determine  where  or  if  BIT  detection 
occurs. 

Once  the  assembly  level  forms  are  completed,  the  analyst  should  complete  a 
system  summary  level  form  similar  to  that  shown  in  Figure  24.  The  completion  of  the 
summary  level  form  will  provide  a  comprehensive  picture  of  the  effectiveness  of  the 
designed-in-test  capabilities  of  the  equipment  under  analysis. 

The  BIT  analysis  can  be  performed  at  either  the  intermediate  or  detailed  levels  of 
analysis.  For  intermediate  level  analysis,  circuitry  block  failures  are  used  instead  of 
components.  The  numerical  results  will  probably  be  somewhat  less  accurate  at  the 
intermediate  level  of  analysis;  however,  the  potential  for  influencing  the  ongoing  design 
is  enhanced  during  the  period  of  a  design  program  when  piece-part  level  design  is  not  yet 
completed. 
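
The assembly-level BIT form described above, filled in with the default failure-mode splits suggested under Component Failure Modes, can be tabulated as in the following added example. It is not FEADS code or a form from this report; the part list, failure rates, BIT flags and the failure-rate-weighted detection fraction are assumptions made for illustration.

```python
"""BIT detection weighted by failure rate, built from FMEA matrix rows."""
from collections import defaultdict


def default_modes(kind, output_pins=("OUT",), tri_state=False):
    """Default failure-mode split, as percent of the part failure rate."""
    if kind == "two_terminal":   # open and short, 50 percent each
        return {"open": 50.0, "short": 50.0}
    if kind == "analog":         # stuck at either supply limit, equally likely
        return {"stuck at high limit": 50.0, "stuck at low limit": 50.0}
    if kind == "digital":        # per output pin, evenly distributed
        states = ["stuck at 0", "stuck at 1"]
        if tri_state:
            states.append("stuck at high-Z")
        names = [f"{pin} {state}" for pin in output_pins for state in states]
        return {name: 100.0 / len(names) for name in names}
    raise ValueError(f"no default failure modes for part kind {kind!r}")


# Constructed sample: (assembly, designator, kind, failure rate, options).
# Failure rates are made-up values in failures per 10^6 hours.
PARTS = [
    ("A1", "R1", "two_terminal", 0.02, {}),
    ("A1", "C3", "two_terminal", 0.10, {}),
    ("A1", "U2", "digital", 0.40, {"output_pins": ("Q",), "tri_state": True}),
    ("A2", "U5", "analog", 0.30, {}),
    ("A2", "CR1", "two_terminal", 0.05, {}),
]

# Constructed sample: (designator, mode) pairs whose BIT column carries a "Y",
# including any found by tracing the failure upward through the matrices.
BIT_DETECTED = {
    ("R1", "open"), ("C3", "short"),
    ("U2", "Q stuck at 0"), ("U2", "Q stuck at 1"),
    ("U5", "stuck at high limit"), ("U5", "stuck at low limit"),
}


def build_rows(parts, bit_detected):
    """Expand each part into one row per failure mode (the assembly form)."""
    rows = []
    for assembly, designator, kind, rate, options in parts:
        for mode, pct in default_modes(kind, **options).items():
            rows.append({
                "assembly": assembly,
                "designator": designator,
                "mode": mode,
                "mode_rate": rate * pct / 100.0,  # failure rate x mode percent
                "bit": (designator, mode) in bit_detected,
            })
    return rows


def bit_summary(rows):
    """Return {name: (total rate, detected rate, fraction)} per assembly,
    plus a "SYSTEM" entry (the summary-level form)."""
    total = defaultdict(float)
    detected = defaultdict(float)
    for row in rows:
        for key in (row["assembly"], "SYSTEM"):
            total[key] += row["mode_rate"]
            if row["bit"]:
                detected[key] += row["mode_rate"]
    # A zero total (for example only zero-rate input signals) gives fraction 0.
    return {k: (total[k], detected[k],
                detected[k] / total[k] if total[k] else 0.0) for k in total}


def undetected_by_rate(rows):
    """Failure modes BIT does not detect, largest mode failure rate first."""
    missed = [r for r in rows if not r["bit"]]
    return sorted(missed,
                  key=lambda r: (-r["mode_rate"], r["designator"], r["mode"]))


if __name__ == "__main__":
    rows = build_rows(PARTS, BIT_DETECTED)
    for name, (tot, det, frac) in bit_summary(rows).items():
        print(f"{name:7s} total={tot:.4f} detected={det:.4f} BIT={frac:.1%}")
    print("Undetected modes, worst first:")
    for r in undetected_by_rate(rows):
        print(f"  {r['assembly']} {r['designator']:4s} {r['mode']:18s} "
              f"{r['mode_rate']:.4f}")
```

The undetected list, sorted by mode failure rate, shows where an added BIT monitor would raise the detected fraction the most.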

6.3.4.3  Criticality  Analysis 

The  advanced  matrix  technique  provides  no  particular  advantage  over  tabular 
methods  for  the  development  of  criticality  numbers,  category  1  and  2  failure  modes  lists, 
or  any  other  single  point  failure  lists  which  may  be  demanded  in  an  FMEA  specified 
under  contract.  The  analyst  should  prepare  the  contractually  necessary  lists  in 
accordance  with  the  relevant  paragraphs  of  MIL-STD-1629A.  Serious  consideration 
should  be  given  to  the  use  of  at  least  some  automated  aids  for  the  necessary 
informational  sorts.  When  these  separate  lists  are  contractually  required,  they  should  be 
performed  as  the  last  item  in  the  FMEA  activity. 

Figure  23.  Sample  Assembly  Built-in-Test  Information  Form 

6.3.4.4  Test  Point  and  Indicator  Assessment 


The  assessment  of  test  point  and  indicator  adequacy  of  designs  being  analyzed  is  an 
important  part  of  the  FMEA  process.  The  matrix  FMEA  is  particularly  well  structured 
to  allow  the  necessary  tracing  between  hardware  indenture  levels.  But  the  task  of 
tracing  out  the  needed  information  is  lengthy  and  tedious  when  manual  methods  are 
used.  The  automation  package  described  in  Section  7  provides  a  means  to  produce 
various  test  point  and  indicator  outputs  which  make  the  task  of  assembling  the  needed 
information  considerably  less  arduous. 

As  a  part  of  the  Advanced  Matrix  FMEA  development,  the  analyst  indicates  the 
effect  of  the  failure  being  considered  on  the  test  points  and  indicators  found  at  the 
various  levels  of  hardware  indenture.  The  information  is  located  on  several  different 
matrices  for  a  typical  component  failure,  and  has  been  developed  slowly  as  the  hardware 
design  definition  has  progressed.  This  information  on  test  point  and  indicator  effects  can 
now  be  used  to  provide  the  information  base  and  analysis  criteria  for  several  tasks.  Test 
point  and  indicator  information  supports  an  assessment  of  the  equipment  or  system 
maintainability  in  accordance  with  Procedure  5  of  MIL-HDBK-472.  This  information  is 
also  needed  to  allow  the  basic  adequacy  of  the  test  points  and  indicators  for  operations 
and  maintenance  use  to  be  assessed.  Additionally,  the  test  point  and  indicator 
information  provides  a  direct  source  of  troubleshooting  criteria  for  technical  manual  and 
training  course  use. 


Assessment  Development  -  Cost-effective  development  of  test  point  and  indicator 
information  requires  that  the  analyst  direct  the  information  gathering  activity  to  obtain 
only  that  information  needed  to  complete  the  intended  analysis.  The  analyst  should 
determine  what  maintenance  philosophy  is  being  used  on  a  program  and  how  it  is  going  to 
be  implemented.  This  will  allow  the  information  gathering  activities  to  focus  on  only 
those  test  points  and  indicators  which  are  actually  intended  for  use  by  the  maintenance 
or  operations  level  which  is  under  analysis. 

Once  the  analyst  has  determined  which  test  points  and  indicators  are  of  interest, 
he  should  develop  a  Test  Point/Indicator  Effects  Summary  similar  to  that  shown  in 
Figure  25.  The  form  shown  in  this  figure  shows  only  test  points  being  considered,  but 
indicators  are  treated  exactly  the  same  as  test  points  and  are  also  placed  across  the  top 
of  the  matrix  when  appropriate.  The  top  or  horizontal  part  of  the  matrix  consists  of  all 
the  test  points  and  indicators  which  are  associated  with  the  maintenance  level  under 
consideration.  The  matrix  is  then  completed  by  tracing  each  failure  in  the 
equipment/assembly/subassembly  under  analysis  upward  through  the  various  levels  of 
hardware  indenture  to  determine  the  effect  (if  any)  on  the  test  points  of  interest. 

The  completion  of  the  matrix  for  test  point  and  indicator  information,  while  not 
technically  difficult,  is  both  time  consuming  and  tedious  when  manual  methods  are  used. 
Consideration  should  be  given  to  assigning  this  task  to  a  junior  member  of  the  analysis 
staff.  The  technically  difficult  analysis  has  been  completed  during  the  development  of 
the  matrix  FMEA.  The  test  point  effects  summary  matrix  is  simply  a  reordering  of  the 
developed  data  to  allow  the  adequacy  of  the  test  points  to  be  evaluated.  This  is  a 
clerical  task  which  can  be  assigned  to  an  individual  of  somewhat  lower  technical  skills 
than  the  original  FMEA  analyst. 

Analysis  Uses  -  After  the  matrix  of  test  points  has  been  developed,  the  analyst  can  begin 
to  assess  the  adequacy  of  the  design  with  respect  to  the  test  points  and  indicators.  The 
analyst  should  judge  the  degree  of  symptom  ambiguity  represented  by  the  test  points  and 
indicators  used  in  the  design,  and  should  produce  recommendations  for  additional  or 
changed  test  points  where  needed  to  minimize  ambiguity  for  the  maintenance  level  under 
analysis.  The  minimization  of  ambiguity  between  failure  symptomology  is  an  important 
consideration  if  adequate  diagnostic  capability  is  going  to  be  designed  into  the  hardware. 

After  the  adequacy  of  the  test  points  has  been  assessed,  the  analyst  can  use  the 
information  about  remaining  ambiguity  to  help  develop  maintainability  analysis  in 
accordance  with  Procedure  5  of  MIL-HDBK-472.  The  assessment  of  appropriate 
maintenance  times  to  be  expected  requires  that  the  degree  of  ambiguity  present  in  the 
diagnostics  be  known.  Additionally,  this  ambiguity  information  should  be  used  in  the 
development  of  technical  manual  and  training  course  materials. 

The  overall  assessment  of  the  adequacy  of  the  proposed  test  points  and  indicators 
for  a  design  is  an  important  part  of  the  FMEA  process  and  can  have  a  major  impact  on 
the  overall  supportability  of  the  finished  design.  The  advanced  matrix  technique  is 
uniquely  designed  to  allow  this  assessment  in  a  straightforward  manner.  This  assessment 
is,  however,  relatively  time  consuming  and  clerical  in  nature.  The  use  of  the  automated 
FMEA  tool  is  recommended.  If  manual  methods  must  be  used,  the  assessment  should  be 
minimized  in  scope  and  the  actual  organization  of  the  data  should  be  assigned  to  an 
individual  of  somewhat  lower  technical  skill  than  the  original  analyst. 
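
The reordering of matrix data into a Test Point/Indicator Effects Summary, and the judgment of symptom ambiguity made from it, can be mechanized as in the following added example. It is not FEADS code or data from this report; the failures, test point names, effect codes and the rule that a symptom is ambiguous when it spans more than one replaceable item are assumptions made for illustration.

```python
"""Symptom ambiguity from a Test Point/Indicator Effects Summary."""
from collections import defaultdict

NO_EFFECT = "-"   # blank cell: the failure does not change this test point

# Constructed sample summary. Key: (replaceable item, failure mode).
# Value: effect code seen at each test point after tracing the failure upward
# through the indenture levels. Codes are hypothetical: "L" low, "H" high.
EFFECTS = {
    ("A1", "R1 open"):                {"TP1": "L"},
    ("A1", "U2 Q stuck at 0"):        {"TP1": "L", "TP3": "L"},
    ("A2", "U5 stuck at low limit"):  {"TP1": "L"},
    ("A2", "U5 stuck at high limit"): {"TP2": "H"},
    ("A3", "CR1 short"):              {},
    ("A3", "Q4 open C-E"):            {"TP2": "H", "TP3": "L"},
}


def signature(effects, test_points):
    """Symptom pattern a technician sees across the chosen test points."""
    return tuple(effects.get(tp, NO_EFFECT) for tp in test_points)


def ambiguity_groups(summary, test_points):
    """Group failures that present the same symptom pattern."""
    groups = defaultdict(list)
    for failure, effects in summary.items():
        groups[signature(effects, test_points)].append(failure)
    return dict(groups)


def assess(summary, test_points):
    """Sort failures into undetected, isolated to one item, or ambiguous.

    Only test points intended for the maintenance level under analysis
    should be passed in, as the text directs.
    """
    result = {"undetected": [], "isolated": [], "ambiguous": []}
    for sig, failures in ambiguity_groups(summary, test_points).items():
        items = sorted({item for item, _mode in failures})
        if all(code == NO_EFFECT for code in sig):
            result["undetected"].extend(failures)      # no symptom at all
        elif len(items) == 1:
            result["isolated"].extend(failures)        # points at one item
        else:
            result["ambiguous"].append((sig, items, failures))
    return result


def report(summary, test_points):
    """Human-readable lines for one set of test points."""
    res = assess(summary, test_points)
    lines = [f"Test points: {', '.join(test_points)}"]
    lines.append(f"  isolated failures : {len(res['isolated'])}")
    lines.append(f"  undetected        : {res['undetected']}")
    for sig, items, failures in res["ambiguous"]:
        lines.append(f"  ambiguous {sig}: items {items}, "
                     f"{len(failures)} failures")
    return lines


if __name__ == "__main__":
    # Existing test points, then the same design with a proposed TP3 added.
    for tps in (["TP1", "TP2"], ["TP1", "TP2", "TP3"]):
        print("\n".join(report(EFFECTS, tps)))
```

Comparing the two runs is the basis for a recommendation: with the constructed data, adding TP3 leaves one ambiguous symptom instead of two, while the CR1 short stays without any symptom at this maintenance level.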


SECTION  7 

AUTOMATED  TECHNIQUE 


7.1  INTRODUCTION 

The  Failure  Effects  Analysis  and  Data  Synthesis  (FEADS)  Program,  developed  as  a 
part  of  this  study,  is  a  comprehensive  tool  to  minimize  the  clerical  impact  on  the  FMEA 
analyst  while  providing  the  greatest  possible  multi-discipline  usability  of  the 
information.  The  descriptions  of  the  FMEA  automation  package  provided  within  the 
framework  of  this  report  will  be  at  the  summary  level.  That  is,  the  direct  operation  of 
the  tool  as  it  interfaces  with  the  analyst  will  be  described  in  limited  detail.  The  primary 
purpose  of  Section  7  is  to  provide  an  overall  description  of  the  program.  Additionally, 
the  limiting  factors  of  the  program  are  discussed  along  with  why  those  limits  became 
necessary  or  were  inherent  in  the  automation  technique  selected. 

7.1.1  AUTOMATION  PURPOSE 

The  FEADS  program  developed  during  the  FMEA  study  is  specifically  designed  to 
be  an  accompaniment  to  the  Advanced  Matrix  Technique  described  in  the  previous 
section.  The  FEADS  program  allows  an  easy  means  of  data  storage  while  providing  a 
standardized  method  for  documenting  and  reproducing  FMEA  results  produced  using  the 
advanced matrix technique. Additionally, the computer aid allows a rigid
standardization of the output reports of the FMEA process without requiring additional
effort  on  the  part  of  the  analyst.  The  FEADS  automation  package  also  provides  for  ease 
of  updating  FMEA  results  in  response  to  design  changes. 

7.1.2  AUTOMATION  DEVELOPMENT  GROUNDRULES  AND  ASSUMPTIONS 


As  a  part  of  the  automation  development  process  a  set  of  groundrules  and 
assumptions  were  established  for  the  FEADS  program.  These  groundrules  were  followed 
as  closely  as  the  automation  process  permitted.  Specific  initial  groundrules  included  the 
following. 


7.1.2.1 Fortran Based


The FEADS program was written exclusively in FORTRAN. The FORTRAN
language usage was required under contract. This restriction was, however, extended to
assume that any version-specific or machine-specific FORTRAN options needed to be
avoided to the maximum extent practical while allowing for a cost-effective program
development. Where possible, all routines were written in non-version-specific
FORTRAN code. The program does use some machine based, non-FORTRAN-based
routines. These have been limited to routines which should be common to all computer
facilities, such as sort packages.


7.1.2.2 User Friendliness


The FEADS program was designed with user friendliness as a specific objective.
The degree of user friendliness which could be achieved was expected to significantly
affect the ease of industry acceptance of the automation package. The FEADS program
was expected to be used by experienced analysts, circuit design engineers, and possibly
lower skill level individuals who had been assigned various peripheral tasks in a large
FMEA. The potential users were expected to include individuals with very limited
computer backgrounds.

The user friendliness goals for the FEADS program were achieved through a
combination of built-in guidance and a user's manual. The FEADS program guides the user
with question and answer and menu driven approaches throughout the automation
package. The FMEA matrix is developed using an interactive screen approach.
Additionally, for those items where a question and answer approach would become
overly repetitive for experienced users, a user's manual is provided.


7.1.2.3 User Interactive

The FEADS program was designed to be directly user interactive since this also
enhances user friendliness. The user communicates with the program through the use of
various input screens which are specifically designed for user interaction. Figures 26,
27, and 28 are the primary matrix input screens. The user communicates to the program
the effects of failures on outputs (Figure 26) and test points (Figure 27) and includes
appropriate remarks (Figure 28). This type of interactive technique is ideally suited to
facilities where direct, on-line computer services can be provided at 9600 baud or
greater speed. Acceptable performance can be obtained at slower terminal speeds;
however, a noticeable delay in the updating of the user's screen occurs. In addition to
allowing an understandable, straightforward user input, the interactive screens provide
many of the needed codes and ancillary information to the analyst for easy reference at
the terminal. Also, default values which remove the need for tedious entry of redundant
information have been used where appropriate. This has resulted in a user friendly,
interactive entry technique which significantly enhances the FEADS program usability.


7.1.2.4 Complement Advanced Automated Technique


The FEADS automation package was specifically designed as a complement to the
Advanced Automated Technique. The program replaces any need for the development of
the matrix FMEA on paper. The program is usable at all phases of FMEA development
except the planning phases. The program provides various FMEA outputs which are
consistent with the Advanced Matrix Technique. A matrix output is provided, along with
the capability for a single page output per failure (see Section 7.2.3). Outputs which
provide BIT summaries and test point and indicator information are also available from
the FEADS program. The test point and indicator output and BIT output provide a
substantial reduction in the effort required to produce these analyses when compared to
manual methods.


7.1.2.5 Quick Response For Assembly Level Outputs


The automation package is designed to allow the user to rapidly obtain matrix
outputs at the assembly level. A relatively rapid response time is considered to be
important since these outputs will be used to validate work currently in process. This
allows the analyst using the program to obtain needed hard copy feedback in a timely
manner.


INSTRUCTIONS:

* LOCATE CURSOR
* USING SPACE BAR, PLACE CURSOR UNDER DESIRED OUTPUT
* ENTER CODE FOR THE RELATED EFFECT
* CONTINUE UNTIL END OF LINE, PRESS (RETURN)
* REPEAT FOR FOLLOWING LINES

CODES FOR FAILURE EFFECTS

0 = STUCK AT ZERO
1 = STUCK AT ONE
M = MISSING
O = OPEN
S = SHORT TO GROUND

Figure 26. User Interactive CRT Display - Outputs Screen


INSTRUCTIONS:

* LOCATE CURSOR
* USING SPACE BAR, PLACE CURSOR UNDER DESIRED OUTPUT
* ENTER CODE FOR THE RELATED EFFECT
* CONTINUE UNTIL END OF LINE, PRESS (RETURN)
* REPEAT FOR FOLLOWING LINES

CODES FOR FAILURE EFFECTS

E = ERRATIC
F = OFF FREQUENCY
H = HIGH OUTPUT/VOLTAGE
L = LOW OUTPUT/VOLTAGE
M = MISSING
O = OPEN
S = SHORT TO GROUND

Screen areas: OUTPUTS, TEST POINTS, REMARKS

Figure 27. User Interactive CRT Display - Test Points Screen

7.1.2.6 Minimum Training Requirement

The FEADS package and its accompanying documentation have been specifically
tailored to minimize the training required to use the program. The user interactive
program package and its accompanying user's manual are expected to provide a
documentation package to allow operation of the program. Specialized training should
not be required.


7.1.2.7 Easy To Update

The  FEADS  automation  package  has  been  designed  to  allow  updates  to  occur  with  a 
minimum  of  effort.  The  program  contains  special  routines  to  recognize  file  changes  and 
to  direct  the  analyst  to  these  change  activities  when  appropriate.  This  was  considered  a 
high  priority  item  within  the  program  development  due  to  the  rapid  rate  of  change  which 
is  normally  a  part  of  the  electronic  equipment  design  and  development  process. 


7.1.2.8 Computer Resource Requirements

The  program  development  effort  was  conducted  without  considering  computer 
resources  as  a  limiting  requirement.  The  using  organization  is  responsible  for  providing 
the  needed  resources. 


7.1.2.9  System  Output  Response  Time 

The automation development assumed that system level outputs such as complete
FMEAs, BIT summaries, and test point and indicator summaries would not be required on
an immediate output basis. These reports are requested using an interactive mode;
however, the routines required and the size of the information base which may be printed
may preclude quick response outputs for extremely large systems. These outputs can be
requested at the end of a normal working shift or at such times when significant
computer resources can be dedicated to the FMEA in process, if the available computer
resources are overloaded by the requested program output. The potential for this
problem is dependent on the size of the system being analyzed and the available
computer resources.

The  groundrules  and  assumptions  which  were  utilized  in  the  development  of  the 
FEADS  program  have  resulted  in  a  flexible,  user  oriented  FMEA  automation  package 
which  should  significantly  reduce  the  labor  required  for  an  FMEA. 

7.2  AUTOMATION  PACKAGE  OVERVIEW 

7.2.1  PROGRAM  DESCRIPTION 

The FEADS automation package is a set of FORTRAN based routines specifically
designed to be used for FMEAs being performed utilizing the Advanced Matrix
Technique. The program consists of one main routine and 33 subroutines developed utilizing a
structured programming approach. The FEADS automation package has been structured
to allow a maximum of user comfort when using the program while demanding a
minimum of training.

The user environment provided by the FEADS program is one of continuous
interaction with the program on an on-line basis to create the files which contain the
analysis results. These matrix files are then used to create the various reports which the
analyst requires to document the FMEA process and to provide hard copy working
information for design evaluation. The program interfaces with the user through a set of
interactive screens which are updated in response to user actions. The user is provided
with the capability to direct the program to any desired action quickly and with a
minimum potential for error.

The program is structured to provide two interrelated but separate sections. A
basic overview of the program construction is shown in Figure 5. The user can enter
either of two possible program environments, assembly or system. Upon entering the
assembly level environment the user can create, update, or change an assembly matrix
file. The user can also print selected assembly level outputs once a file has been
created. Upon entering the system level environment the user can provide the program
with a system definition, delineate or update the system's operation mode file, or request
any one of several available system level outputs for hard copy print. Changing between
the system and assembly environments within the program as well as between the various
subsections is permitted.

The assembly use environment is designed to allow the creation and modification of
matrix files containing the FMEA circuit analysis results. An overview of the assembly
environment showing file usage and available outputs is given in Figure 30. The
program user has three possible options. He may create an entirely new matrix file to
hold FMEA results for a new assembly, he may change the entries presently in an
existing file to correct previous errors in an update process, or he can add or
subtract individual circuit parts in a matrix, usually in response to design changes. The
program is dependent on the existence of several user supplied files and of some files
which are normally system resident files but are user modifiable. The files required to
operate the program are discussed in Section 7.2.2.

The system use environment is designed to allow the creation of the top level
matrix file, the creation of the system definition file, and the assembling and printout of
the available system level FMEA outputs. An overview of the system environment
structure showing file usage and available outputs is given in Figure 31. The program
user has the option of creating, updating or changing the operation modes matrix in a
manner similar to that described in the paragraph above. The user can also select from
several available outputs. Some of these outputs are quite large and can provide the
entire FMEA documentation. The input files required are discussed in Section 7.2.2. The
available outputs are discussed in Section 7.2.3.

The overall automation package is expected to significantly reduce the labor
required to document an FMEA which is performed utilizing the advanced matrix
technique. The FEADS package is especially valuable in allowing a maximum value to be
received from the FMEA information which has been developed. The program provides
both a BIT and a test point and indicator output which are usable in evaluating the
diagnostic capability of the design. These outputs are very difficult to assemble by hand
due to the volume of information which the analyst must reorganize. Both outputs can
be easily requested from the automation package.


Figure 29. FEADS Program Macro Flow Chart

Figure 30. FEADS Assembly File Usage and Outputs


7.2.2  PROGRAM  FILES 

The FEADS program package requires the existence of various files for proper
operation (see Table 7). The files which are used by the program fall into three
categories: user created and FMEA dependent, user modifiable system information files,
and program used temporary files. Each of these file types may be in use on any given
program operation. A detailed description of the content and format of all FEADS
program files is provided as a part of the program user's guide.

The user created files comprise those files which are dependent on the individual
system under analysis. These files are created by the analyst either off-line or through
the use of the FEADS program package. Files of this type are the most numerous as
three files for each assembly must be created.

The user modifiable system information files are those files which supply general
information to the automation package. The user can access and modify these files
through the use of an on-line edit package (not a part of FEADS). Generally the user will
not need to access these files as they provide information which will generally not
change from program to program. These files need to be changed with some care as the
changes have the potential of affecting stored FMEA results which may need to be
accessed and printed at a later time. Responsibility for maintaining the system
information files should generally be assigned to one individual to maintain control over
the impact of changes.

The temporary program files are inaccessible to and transparent to the user of the
FEADS automation package. These are files which the program creates, uses, and
deletes while it is running. These files are mentioned here in that they can consume
considerable storage resources within the computer facility. Data processing
professionals who have been tasked with installing the FEADS package should consult
the programmer's notes section of the user's manual for further information. The
temporary files are not discussed in Table 7.


TABLE 7. FEADS PROGRAM FILES


Ref
No.(1)  Title                         Description

1       Assembly File                 This is the assembly parts file. The program user must
                                      create one of these files off-line(2) for each assembly
                                      in the FMEA. The file contains information on the parts
                                      making up the assembly, their failure rate, appropriate
                                      test points, inputs, and outputs. This is a user created,
                                      FMEA dependent file.

2       Outputs Failure Effects File  This file provides the program with a list of possible
                                      output failure effect codes for display to the program
                                      user in the user interface screens. This is a user
                                      modifiable, system information file which has been
                                      created off-line(2) prior to program use.

3       Test Point Effects File       This file is similar to the Output Failure Effects File.
                                      The only difference is that the effects contained within
                                      the file relate to test points.

4       Part Failure Modes File       This file supplies the automation package with the
                                      appropriate failure modes and occurrence percentages for
                                      the various electronic part types. This is a user
                                      modifiable, system information file.

5       Signal Failure Modes File     This file provides the program with the appropriate
                                      failure modes for each signal type. This is a user
                                      modifiable, system information file.

6       Old Matrix File               This is a designation of the existing assembly matrix
                                      file when it is being used to facilitate update or change
                                      routines. This is a user created (using FEADS), FMEA
                                      dependent file.

7       Output Signal File            This is a file which contains a list of assembly level
                                      outputs for program use. The file is created by the
                                      program.

8       New Matrix File               This is the assembly matrix file created by the assembly
                                      level matrix programs during the create, update and
                                      change assembly file routines. This is a program created,
                                      FMEA dependent file.

9       System Definition File        This file contains the information necessary to define
                                      the system in terms of matrix files to the program. The
                                      file also contains the information needed to allow
                                      completion of some parts of the single sheet output
                                      forms. This is a user created (using FEADS), FMEA
                                      dependent file.

10      Remarks File                  This file holds the remarks to be printed with the
                                      various assembly level files. These remarks are held in
                                      this common file for all assemblies. The file is created
                                      by the program user utilizing FEADS during the creation
                                      of the matrix files (#8).

(1) The reference number given to each program file in Table 7 is the reference number
used in Figures 30 and 31. These numbers do not relate to the program code.

(2) "off-line" refers to the activities which occur separate from the FEADS program. A
file which is created "off-line" is one which has been prepared using a text editor or
a similar system utility.

7.2.3  PROGRAM  OUTPUTS 

The FEADS automation package has been structured to provide a wide range of
output formats which enhance the cross discipline usability of the FMEA material.
Each of the available outputs is discussed in Table 8. A sample of each output format is
provided in Figures 32 through 42. The various available system level outputs depend on
having all the necessary information developed. In general, the analyst will find it
difficult to receive some of the outputs until all FMEA activity at a given level of design
detail is completed.


TABLE 8. AVAILABLE PROGRAM OUTPUTS


Title                 Description

ASSEMBLY LEVEL OUTPUTS

FMEA Matrix           This is an output of the created FMEA matrix for use by the analyst
                      in checking for errors and as a record of the data entered.
                      Figure 32 provides a sample FMEA matrix output.

Criticality Summary   This is a listing of the assembly failures as recorded by the analyst
                      in order of their severity classification and by criticality number.
                      Figure 33 provides a sample severity listing output.

BIT Summary           This output consists of a listing of the possible assembly level
                      failures with their BIT detectability listed. Figure 34 provides a
                      sample assembly level BIT summary.

Single Sheet          This output provides the FMEA for the assembly level in a single
                      sheet format which complies with the intent of MIL-STD-1629A.
                      Figure 33 provides a sample assembly level single sheet output.

SYSTEM LEVEL OUTPUTS

Mission Phases        This is a system level summary of the operating phases or modes,
                      provided to the program by the analyst, which the program uses in
                      preparing the FMEA. Figure 36 provides a sample mission phases
                      output.

FMEA Worksheets       This output option provides a complete set of single sheet type,
                      MIL-STD-1629A outputs for the entire system structure. This output
                      is very similar to the assembly level output except that the effects
                      of failure at the next two higher levels of hardware indenture are
                      included. Figure 37 provides a sample system level FMEA worksheet
                      output.

Part Failure          This output is essentially a printout of the information contained in
Mode Dictionary       the part failure mode files. Figure 38 provides a sample failure
                      mode dictionary output.

Signal Failure        This output provides a printout of the data contained in the
Mode Dictionary       signal failure mode file. Figure 39 provides a sample failure
                      mode output.

Severity Summary      The Severity Summary output provides a listing of all single point
                      failures within the system in order of their severity classification
                      and criticality number. Figure 40 provides a sample severity
                      summary output.

BIT Summary           The BIT Summary output consists of a listing of all the failures
                      which are possible within a system, organized by module, and their
                      location (if any) of BIT detection. Summary information is
                      provided for each module and for the system, including a measure
                      of BIT effectiveness. Figure 41 provides a sample of the output
                      format for the BIT summary.

Maintainability       The maintainability information output provides a listing of failures
Information           which have an effect on user designated test points. The output is
                      usable in determining the adequacy of the various test points and
                      indicators of the equipment being analyzed at each level of
                      maintenance. An example of the test point and indicators output is
                      provided in Figure 42.
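
The following is an added example, not FEADS code (FEADS was written in FORTRAN and its source is not reproduced here). It shows in Python how the Criticality Summary ordering, the item criticality number and the BIT percentages described in Table 8 can be derived from matrix records. The record layout, the function names and every sample value are assumptions, except the Beta, Alpha, Lambda-p and t entered for R10, which are taken from the sample R10 worksheet in this section.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MatrixEntry:
    """One failure mode of one part (hypothetical layout, not a FEADS file format)."""
    severity: int        # severity class; 1 is the most severe
    refdes: str          # reference designator, e.g. "R10"
    mode: str            # part failure mode
    effect: str          # local effect code at the assembly output
    beta: float          # failure effect probability
    alpha: float         # failure mode ratio
    lambda_p: float      # part failure rate, failures per hour
    hours: float         # operating time t
    bit_detected: bool   # True when built-in test detects the failure

    def __post_init__(self):
        # Catch clerical entry errors before they reach a summary.
        if not (0.0 <= self.alpha <= 1.0 and 0.0 <= self.beta <= 1.0):
            raise ValueError(f"{self.refdes}/{self.mode}: alpha and beta must be in [0, 1]")
        if self.lambda_p < 0.0 or self.hours < 0.0:
            raise ValueError(f"{self.refdes}/{self.mode}: negative rate or time")

    @property
    def rate(self) -> float:
        """Rate at which this mode produces its effect (assumed: beta * alpha * lambda_p)."""
        return self.beta * self.alpha * self.lambda_p

    @property
    def cm(self) -> float:
        """Failure mode criticality number, Cm = beta * alpha * lambda_p * t."""
        return self.rate * self.hours


def criticality_summary(entries):
    """Order by severity class, then by descending Cm; ties fall back to refdes and mode."""
    return sorted(entries, key=lambda e: (e.severity, -e.cm, e.refdes, e.mode))


def item_criticality(entries):
    """Cr per (refdes, severity class): the sum of that item's Cm values in the class."""
    cr = defaultdict(float)
    for e in entries:
        cr[(e.refdes, e.severity)] += e.cm
    return dict(cr)


def bit_summary(entries):
    """Per local effect: (total rate, BIT-detected rate, percent detected or None)."""
    total, detected = defaultdict(float), defaultdict(float)
    for e in entries:
        total[e.effect] += e.rate
        if e.bit_detected:
            detected[e.effect] += e.rate
    # A zero total rate has no meaningful percentage, so report None instead of dividing.
    return {
        effect: (rate, detected[effect],
                 100.0 * detected[effect] / rate if rate > 0.0 else None)
        for effect, rate in total.items()
    }


def bit_effectiveness(entries):
    """Overall percentage of the failure rate that BIT detects, or None if the rate is zero."""
    total = sum(e.rate for e in entries)
    if total <= 0.0:
        return None
    return 100.0 * sum(e.rate for e in entries if e.bit_detected) / total


# Constructed sample matrix. Only the R10 Beta/Alpha/Lambda-p/t values come from the page.
SAMPLE = [
    MatrixEntry(4, "R10", "OPEN", "STUCK @ 0", 1.0, 0.5, 0.9114e-8, 1.0, False),
    MatrixEntry(4, "R10", "SHORT", "SHORT-GND", 1.0, 0.5, 0.9114e-8, 1.0, True),
    MatrixEntry(4, "C23", "OPEN", "STUCK @ 0", 1.0, 0.5, 1.234e-10, 1.0, False),
    MatrixEntry(4, "C23", "SHORT", "SHORT-GND", 1.0, 0.5, 1.234e-10, 1.0, True),
    MatrixEntry(2, "ZD1", "SHORT", "ERRATIC", 1.0, 0.5, 5.638e-9, 1.0, True),
    MatrixEntry(3, "ZD1", "OPEN", "ERRATIC", 1.0, 0.5, 5.638e-9, 1.0, False),
    MatrixEntry(2, "BPOWER", "MISSING", "MISSING", 1.0, 0.2, 0.0, 1.0, False),
]

if __name__ == "__main__":
    for e in criticality_summary(SAMPLE):
        print(f"{e.severity}  {e.refdes:<7} {e.mode:<8} {e.cm:.4E}")
    for effect, (tot, det, pct) in bit_summary(SAMPLE).items():
        shown = "n/a" if pct is None else f"{pct:.1f}"
        print(f"{effect:<10} {tot:.4E} {det:.4E} {shown}")
    print("BIT effectiveness (%):", bit_effectiveness(SAMPLE))
```

With t = 1.0 the R10 SHORT record reproduces the worksheet's Cm and Cr figures, and the zero-rate BPOWER record shows why a percentage cannot be reported for an effect whose total rate is zero.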

7.3  USING  FEADS  FOR  ADVANCED  AUTOMATED  TECHNIQUE  FMEAS 


The FEADS automation package has been specifically designed to aid in the
performance of FMEA utilizing the advanced matrix technique. The primary advantage
provided by the FEADS program is a reduction in clerical effort and the ability to easily
access the developed data in the needed arrangement for optimum usability. The
program also provides a means of generating formal, report oriented documentation.
This documentation is suitable for data delivery when such requirements are imposed
contractually.

7.3.1  FMEA  PLANNING 


The FEADS automation package is not directly usable during the FMEA planning
activity required by the Advanced Automated Technique. The planning phase activity is
designed to provide guidance to the analyst with respect to the proper depth and focus
for the FMEA. The FEADS program is designed to record analysis results and to provide
analysis documentation. The program has not been designed for creating any planning
documentation. The FMEA planning activity should be used to provide initial guidance in
the file organization conventions and procedures as they relate to the use of the
automation package. The organization and control of file names is not likely to
represent a major concern for small systems; however, file naming conventions become


Criticality Summary

CLS  REFDES   PART NO/DESCRIPT  PIN#  FAIL MODE    CRITICALITY#

4    POWER1   +5VDC             0     MISSING      .5495E-07
4    POWER1   +5VDC             0     SHORT-GND    .5495E-07
4    POWER2   -15VDC            0     MISSING      .5495E-07
4    POWER2   -15VDC            0     SHORT-GND    .5495E-07
4    POWER1   +5VDC             0     LOW OUTPUT   .4396E-07
4    POWER2   -15VDC            0     LOW OUTPUT   .4396E-07
4    U2       54LS197           2     STUCK @ 0    .3497E-07
4    U2       54LS197           2     STUCK @ 1    .3497E-07
4    U2       54LS197           9     STUCK @ 0    .3497E-07
4    U2       54LS197           9     STUCK @ 1    .3497E-07
4    U2       54LS197           12    STUCK @ 0    .3497E-07
4    U2       54LS197           12    STUCK @ 1    .3497E-07
4    POWER1   +5VDC             0     OPEN         .2198E-07
4    POWER2   -15VDC            0     OPEN         .2198E-07
4    POWER1   +5VDC             0     HI OUTPUT    .1099E-07
4    POWER2   -15VDC            0     HI OUTPUT    .1099E-07
4    POWER1   +5VDC             0     ERRATIC      .5495E-08
4    POWER2   -15VDC            0     ERRATIC      .5495E-08
4    R10      RLR07C1142GR      0     OPEN         .4557E-08
4    R10      RLR07C1142GR      0     SHORT        .4557E-08
4    U2       54LS197           2     STUCK @HIZ   .2809E-09
4    U2       54LS197           9     STUCK @HIZ   .2809E-09
4    C23      CK05R123K         0     OPEN         .6170E-10
4    C23      CK05R123K         0     SHORT        .6170E-10
4    CR1      1N4414            0     OPEN         .6160E-11

Figure 33. Example Assembly Criticality Summary


BIT Detectability Analysis

SIGNAL         TOTAL         BIT DE...
DESCRIPTION    FAILURE RT    FAILUR...     BIT %

SHORT-GND      .4557E-08     .4557E-08     100.0
STUCK @ 0      .2683E-06     .4557E-08       1.7
STUCK @HIZ     .6160E-11     .6160E-11     100.0
TIMING OFF     .1210E-06     .1234E-09        .1

Figure 34. Example Assembly BIT Summary


FMEA Worksheet for FIRST ASSEMBLY

FMEA Identification Number: AAaA
FMEA Date: WED, MAR 14, 1984        PREP BY R. DAVIS        APPR BY P. GODDARD

Schematic Diagram: 1-3              Revision: A
Block Diagram: 1-1                  Revision: A
Parts List: 1-2                     Revision: A

Item Part Number: RLR07C1142GR
Indenture: 8
Reference Mnemonic: R10
Failure Mode: SHORT

Local Effect(s)
Outputs:
    OOTO  SHORT-GND    Severity: 4    BIT Detected ? Y
Test Points:

Failure Effect Probability (Beta):         1.000
Failure Mode Ratio (Alpha):                .500
Failure Rate (Lambda-p):                   .9114E-08
Operating Hours (t):                       1.0
Failure Mode Criticality Number (Cm):      .4557E-08
Item Criticality Number (Cr):              .9114E-08

Remarks: This failure is detected by the master cycle of
BIT, which occurs once every minute. Upon detecting
this, the CPU shuts down.


Mission Phases Summary
for
** FEADS Demonstration **

OPERATIONAL MODE                          FAILURE
MNEMONIC   DESCRIPTION         USAGE      SEVERITY CLASS   OCCURENCE RATE

ACPWR      POWERED BY AC                                   .7423E-09
                                                           .5675E-08
                                                           .0000E+00
                                                           .5685E-08

BATPWR     POWERED BY BATRY                                .0000E+00
                                                           .6417E-08
                                                           .0000E+00
                                                           .5685E-08

Figure 36. Example Mission Phases Summary


FMEA Worksheet for TESTING VERSION 1.1                          Page: 11

Assembly Identification Number: DDDA
FMEA Date: SAT, AUG 4, 1984         PREP BY R. DAVIS        APPR BY P. GODDARD

Schematic Diagram: 1-3              Revision: A
Block Diagram: 1-1                  Revision: A
Parts List: 1-2                     Revision: A

Reference Mnemonic: CR1
Item Part Number/Signal Description: 720604-24
Failure Mode: OPEN
BIT Detectable Here ? Y
This failure falls into Severity Class 3

Failure Effect Probability (Beta):         1.000
Failure Mode Ratio (Alpha):                .500
Failure Rate (Lambda-p):                   .3875E-09
Operating Hours (t):                       1.0
Failure Mode Criticality Number (Cm):      .1937E-09
Item Criticality Number (Cr):              .3875E-09

Remarks: This causes all DC output voltages to be erratic
due to breakdown in the full-wave rectifier.

Figure 37A. Example System FMEA Work Sheet Output (Page 1 of 3)


Local Effect(s):                                                Page: 11a
Signals:
    PW1     ERRATIC
    PW2     ERRATIC
    PW3     ERRATIC
    STAX    STUCK @ 0
Test Points:
    TP1     STUCK @ 0

Figure 37B. Example System FMEA Work Sheet Output (Page 2 of 3)


Effect(s) at Higher Levels:                                     Page: 11b

Level + 1:        Level + 2:

DDDC    CNTR      TIMING OFF
DDDH    BEAM      TIMING OFF
DDDD    DIR       ERRATIC
DDDG    ALARM3    ERRATIC
DDDH    BEAM      ERRATIC
DDDD    DIR       ERRATIC
DDDG    ALARM3    ERRATIC
DDDB    TEMP      ERRATIC
DDDC    CNTR      TIMING OFF
DDDG    ALARM1    ERRATIC
DDDB    PRES      ERRATIC
DDDC    CNTR      TIMING OFF
DDDG    ALARM2    ERRATIC
DDDE    TOR       ERRATIC
DDDF    ALARM     ERRATIC
DDDG    ALARM1    ERRATIC
DDDG    ALARM2    ERRATIC
DDDG    ALARM3    ERRATIC
DDDF    ALARM     STUCK OFF


Part Failure Mode Dictionary

Date: MON, APR 30, 1984

Part    Part                        Failure Mode
Type    Sub-Type    Failure Mode    Probability

1       1           STUCK @ 0       .498
1       1           STUCK @ 1       .498
1       1           STUCK @HIZ      .004
1       2           STUCK @ 0       .498
1       2           STUCK @ 1       .498
1       2           STUCK @HIZ      .004
1       3           STUCK @ 0       .498
1       3           STUCK @ 1       .498
1       3           STUCK @HIZ      .004
1       4           STUCK @ 0       .498
1       4           STUCK @ 1       .498
1       4           STUCK @HIZ      .004
1       5           STUCK @ 0       .498
1       5           STUCK @ 1       .498
1       5           STUCK @HIZ      .004
1       6           STUCK @ 0       .498
1       6           STUCK @ 1       .498
1       6           STUCK @HIZ      .004
1       7           STUCK @ 0       .498
1       7           STUCK @ 1       .498
1       7           STUCK @HIZ      .004
1       8           STUCK @ 0       .498
1       8           STUCK @ 1       .498
1       8           STUCK @HIZ      .004
1       9           STUCK @ 0       .498
1       9           STUCK @ 1       .498
1       9           STUCK @HIZ      .004
1       10          STUCK @ 0       .498
1       10          STUCK @ 1       .498
1       10          STUCK @HIZ      .004
2       1           OPEN B/C        .167
2       1           OPEN B/E        .167
2       1           OPEN C/E        .167
2       1           SHORT B/C       .167
2       1           SHORT B/E       .187
2       1           SHORT C/E       .167
2       2           OPEN B/C        .167
2       2           OPEN B/E        .167
2       2           OPEN C/E        .167
2       2           SHORT B/C       .167
2       2           SHORT B/E       .167
2       2           SHORT C/E       .167
2       3           OPEN B/C        .167
2       3           OPEN B/E        .167
2       3           OPEN C/E        .167
2       3           SHORT B/C       .167
2       3           SHORT B/E       .167
2       3           SHORT C/E       .167
2       4           OPEN B/C        .167
2       4           OPEN B/E        .167
2       4           OPEN C/E        .167
2       4           SHORT B/C       .167
2       4           SHORT B/E       .167
2       4           SHORT C/E       .167
2       5           OPEN B/C        .167

Figure 38. Example Part Failure Mode Dictionary


Severity Summary

CLS  ASSY  REFDES  PART NO/DESCRIPT  PIN#  FAIL MODE    CRITICALITY#

1    ZZZZ  FIRE    FIRE ENABLE       0     TIMING OFF   .6170E-19
1    ZZZZ  FIRE    FIRE ENABLE       0     STUCK @ 1    .5553E-13
2    DDDA  ZD1     RD24E(B3)         0     SHORT        .2819E-08
2    DDDF  BPOWER  RESERVE POWER     0     MISSING      .0000E+00
2    DDDF  BPOWER  RESERVE POWER     0     OPEN         .0000E+00
2    DDDF  BPOWER  RESERVE POWER     0     SHORT-GND    .0000E+00
3    DDDA  CR1     720604-24         0     OPEN         .1938E-09
3    DDDA  CR1     720604-24         0     SHORT        .1938E-09
3    DDDA  CR2     720604-24         0     OPEN         .1938E-09
3    DDDA  CR2     720604-24         0     SHORT        .1938E-09
3    DDDA  CR3     720604-24         0     OPEN         .1938E-09
3    DDDA  CR3     720604-24         0     SHORT        .1938E-09
3    DDDA  CR4     720604-24         0     OPEN         .1938E-09
3    DDDA  CR4     720604-24         0     SHORT        .1938E-09
3    DDDA  ZD1     RD24E(B3)         0     OPEN         .2819E-08
3    ZZZZ  ACGXD   GROUND            0     ERRATIC      .6170E-13
3    ZZZZ  PWRIN   115VAC            0     ERRATIC      .6170E-13
3    DDDF  BPOWER  RESERVE POWER     0     LOW OUTPUT   .0000E+00
4    DDDB  DAC1    DAC0800           2     STUCK @ 0    .8884E-09
4    DDDB  DAC1    DAC0800           2     STUCK @ 1    .8884E-09
4    DDDB  DAC1    DAC0800           4     STUCK @ 0    .8884E-09
4    DDDB  DAC1    DAC0800           4     STUCK @ 1    .8884E-09
4    ZZZZ  FIRE    FIRE ENABLE       0     STUCK @HIZ   .6170E-19
4    DDDB  SW3     3113-03           0     OPEN         .4689E-09
4    DDDB  SW3     3113-03           0     SHORT        .4689E-09
4    DDDF  PTRANS  195000-86         0     OPEN         .4431E-09
4    DDDF  PTRANS  195000-86         0     SHORT        .4431E-09
4    DDDB  RTH     3011-04           0     OPEN         .3892E-09
4    DDDB  RTH     3011-04           0     SHORT        .3892E-09
4    DDDE  R1      710894-01         0     OPEN         .3867E-09
4    DDDE  R1      710894-01         0     SHORT        .3867E-09
4    DDDB  SW5     3113-05           0     OPEN         .3782E-09
4    DDDB  SW5     3113-05           0     SHORT        .3782E-09
4    DDDC  U0      74166             13    STUCK @ 0    .3365E-09
4    DDDC  U0      74166             13    STUCK @ 1    .3365E-09
4    DDDC  U1      74166             13    STUCK @ 0    .3365E-09
4    DDDC  U1      74166             13    STUCK @ 1    .3365E-09
4    DDDC  U3      7411              6     STUCK @ 0    .3360E-09
4    DDDC  U3      7411              6     STUCK @ 1    .3360E-09
4    DDDA  STAT    ON/OFF            0     STUCK @ 1    .3358E-09
4    DDDB  SW8     3113-08           0     OPEN         .3337E-09
4    DDDB  SW8     3113-08           0     SHORT        .3337E-09
4    DDDA  S1      184500-09         0     OPEN         .3326E-09
4    DDDA  S1      184500-09         0     SHORT        .3326E-09
4    DDDD  H1      700138-5          0     OPEN         .3119E-09
4    DDDD  H1      700138-5          0     SHORT        .3119E-09
4    DDDD  H2      700138-5          0     OPEN         .3119E-09
4    DDDD  H2      700138-5          0     SHORT        .3119E-09
4    DDDD  H3      700138-5          0     OPEN         .3119E-09
4    DDDD  H3      700138-5          0     SHORT        .3119E-09
very important for large system FMEAs where several analysts may be used. The initial
planning of these file conventions is appropriate during the FMEA planning phase.

7.3.2  INITIAL  FMEA  ACTIVITY

The  period  of  initial  FMEA  activity  produces  nine  distinct  outputs  (as  shown  in 
Figure 6, page 69). The FEADS automation package is used to provide two of the
outputs.  The  other  seven  possible  outputs  of  the  initial  activity  are  not  produced  by  the 
program,  although  the  program  will  require  the  information  generated  by  some  of  the 
activities. 

The  program  will  allow  the  analyst  to  store  the  results  of  developing  the  operating 
mode  to  percent  list  and  the  preliminary  signal  failure  modes/effects  list.  The 
automation  package  is  used  to  create  the  operation  modes  matrix,  which  is  the 
automated  equivalent  of  the  FMOMEM  and  FMOMSM  matrices.  Additionally,  the  analyst 
should finalize any necessary planning of file conventions to be used during the analysis
as  a  part  of  the  initial  FMEA  activity. 

The  FEADS  program  will  not  assist  the  analyst  in  developing  the  design  guidelines, 
the  revised  FMEA  planning,  FMEA  specification,  preliminary  mnemonics,  or  the 
fundamental  I/O  definitions. 

7.3.3  INTERMEDIATE  AND  DETAIL  FMEA  ACTIVITIES 

The FEADS program is used extensively during both the intermediate and detail
levels of FMEA activity. The analyst utilizes the program package to develop the FMEA
documentation in a matrix format. The program is then used to produce the various
outputs described in Section 7.2. The program is particularly effective in producing the
HIT and test point and indicator outputs. These outputs are very tedious to assemble by
manual methods. The ability to obtain the various program outputs is dependent on the
existence of sufficient information within the computer. The analyst can request the
various assembly level outputs as soon as the analysis of the assembly in question is
complete. The ability to obtain system reports is dependent on the entire equipment
under analysis having been analyzed to a given level. The preparation of system level
reports which reflect the design analysis at the intermediate level of detail requires that
all assemblies be analyzed at the intermediate level of detail and input to
the program prior to requesting the output for the level. It is possible to obtain results
from the FEADS program without completing the FMEA for all assemblies if the system
files are constrained to exclude all undefined assemblies and signals. This should not
generally represent a problem; however, the ability to obtain some types of information
may be paced by the speed of the slowest individual when multiple analysts are used on a
large FMEA. This requires the chief analyst to ensure that his available resources are
being effectively used if the needed information is going to be obtained in a timely
manner.


7.4  PROGRAM  LIMITATIONS

The FEADS program package has been developed with a minimum of inherent
limitations. The computer resources available will be the only limiting factor for most
program functions. Where such limits may be encountered, the analyst should consult
the facility manager at the installation where the program is resident.

The  primary  restrictions  which  are  inherent  in  the  program  design  are  the  limits  on 
input  field  sizes  for  the  assembly  matrices,  restrictions  on  the  number  of  test  points  and 
indicators  which  may  be  simultaneously  analyzed  for  the  test  point  and  indicators  output 
and  the  handling  of  next  higher  assembly  effects  for  worksheet  outputs. 

Assembly  matrices  are  limited  to  a  maximum  of  twenty-five  outputs  and 
twenty-five  test  points.  This  is  expected  to  be  sufficiently  large  to  accommodate  most 
assemblies.  When  the  number  of  outputs  or  the  number  of  test  points  exceeds 
twenty-five,  the  analyst  will  be  required  to  further  sub-divide  the  hardware  under 
analysis  for  FMEA  purposes. 

The number of test points and indicators which can simultaneously be considered
for a given maintainability information output (Figure 42) is one hundred and twenty.
This is expected to be sufficient for virtually all analysis. When more than one hundred
and twenty test points must be considered, successive test point and indicator runs may
be necessary. This should not represent an unusual difficulty as the user merely specifies
that a second set of test points be considered on the succeeding program run.

The  worksheet  outputs  at  the  system  level  of  program  execution  provide  next 
higher  assembly  effects  at  the  two  levels  of  hardware  indenture  above  the  one  at  which 
failure  has  been  postulated.  The  program  does  not  directly  provide  failure  effects  at  the 
system  level  for  each  postulated  failure,  although  this  information  can  be  directly 
obtained within the report set and is easily traceable. This is not actually a program
limitation  per  se,  but  reflects  the  judgment  of  the  program  development  engineers  that 
effects  at  the  two  nearest  levels  of  hardware  indenture  being  available  on  one  sheet  was 
preferable  to  one  level  of  hardware  indenture  effects  and  system  level  effects. 
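
The trace to system level described above can be carried out mechanically. The following is an added example, not code from the FEADS package or the report: it walks constructed effect links upward from one postulated failure and returns both the Level +1 and Level +2 effects shown on the worksheet and the system-level effects the worksheet omits. The LINKS data, the function names and the use of ZZZZ as the system-level assembly are assumptions.

```python
"""Trace FMEA effects upward from one postulated failure (added example)."""

# A failure is (assembly, signal, failure mode). LINKS maps each failure to
# its effects one indenture level up. Constructed sample data: the mnemonics
# are borrowed from the report's figures, the cause/effect links are assumed.
SYSTEM = "ZZZZ"  # assumed system-level assembly designator

LINKS = {
    ("DDDB", "TEMP", "ERRATIC"): [("DDDC", "CNTR", "TIMING OFF"),
                                  ("DDDG", "ALARM1", "ERRATIC")],
    ("DDDB", "PRES", "ERRATIC"): [("DDDE", "TOR", "ERRATIC")],  # TOR not entered
    ("DDDC", "CNTR", "TIMING OFF"): [("DDDH", "BEAM", "TIMING OFF")],
    ("DDDG", "ALARM1", "ERRATIC"): [("DDDF", "ALARM", "ERRATIC")],
    ("DDDH", "BEAM", "TIMING OFF"): [(SYSTEM, "FIRE", "TIMING OFF")],
    ("DDDF", "ALARM", "ERRATIC"): [],
    (SYSTEM, "FIRE", "TIMING OFF"): [],
}


def trace(failure, links, max_level=None):
    """Breadth-first walk up the hardware hierarchy.

    Returns (levels, undefined): levels maps 1, 2, ... to the effects first
    reached at that level; undefined holds failures with no entry in links
    (analysis not yet entered), which end the trace on that branch.
    """
    levels, undefined = {}, set()
    seen = {failure}  # guards against feedback loops between assemblies
    frontier, level = [failure], 0
    while frontier and (max_level is None or level < max_level):
        level += 1
        reached = []
        for item in frontier:
            if item not in links:
                undefined.add(item)
                continue
            for effect in links[item]:
                if effect not in seen:
                    seen.add(effect)
                    reached.append(effect)
        if reached:
            levels[level] = reached
        frontier = reached
    return levels, undefined


def worksheet_effects(failure, links):
    """Effects at Level +1 and Level +2 only, as on the worksheet output."""
    return trace(failure, links, max_level=2)[0]


def system_effects(failure, links):
    """System-level effects, found by following the trace to the top."""
    levels, undefined = trace(failure, links)
    effects = [e for reached in levels.values() for e in reached
               if e[0] == SYSTEM]
    return effects, undefined


if __name__ == "__main__":
    start = ("DDDB", "TEMP", "ERRATIC")
    print(worksheet_effects(start, LINKS))
    print(system_effects(start, LINKS))
    print(system_effects(("DDDB", "PRES", "ERRATIC"), LINKS))
```

A non-empty undefined set marks a branch whose higher-level analysis has not been entered, so the system-level result for that failure is incomplete.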


SECTION  8 

RECOMMENDATIONS  FOR  FURTHER  STUDY 


The  advanced  matrix  technique  provides  a  methodology  which  ensures  maximum 
usability  of  FMEA  results  while  minimizing  the  overall  clerical  workload  imposed  on  the 
analyst.  The  technique  has  not,  however,  solved  all  the  technical  difficulties  which 
currently  exist  for  FMEA.  This  creates  a  need  for  further  refinements  in  FMEA 
technology  to  assure  that  the  analysis  remains  viable  for  hardware  using  modern 
technology. The specific recommendations for further study fall into three categories.
The  area  of  components  remains  unresolved  with  respect  to  failure  modes  and  their 
associated  rates  of  occurrence.  The  technical  approach  which  is  needed  to  do  detailed 
FMEAs  for  software  and  for  microprocessor  circuitry  at  the  piece  part  level  of  detail  is 
undetermined.  Additionally,  the  topic  of  cost-effective  automated  tools  needs  to  be 
reviewed  periodically  to  identify  those  automation  tools  which  have  become 
cost-effective  due  to  changes  in  technology. 


8.1  COMPONENTS 

The  recommended  study  effort  for  components  divides  into  two  categories  of 
effort  similar  to  those  used  during  this  study.  The  collection  of  failure  mode  data  for 
high usage piece-parts (e.g., resistors, capacitors, etc.) is possible and may be desirable if
numerical accuracy in criticality analysis is considered sufficiently important. Further
study of the types of complex microelectronic device failures being experienced by
industry  and  Government  may  be  needed.  The  lack  of  adequate  data  on  complex 
microelectronic  device  failures  is  a  limiting  factor  for  piece-part  FMEAs. 


8.1.1  HIGH-USAGE  PIECE-PARTS 

The  development  of  a  standard  listing  of  potential  failure  modes  for  high  usage 
piece-parts  does  not  represent  an  overwhelming  technical  challenge.  The  primary  effort 
would  be  one  of  data  collection.  The  data  collection  could  be  accomplished  by  requiring 
appropriate  reports  on  several  large  Government  programs  or  by  initiating  special  data 
collection efforts at U.S. military depot maintenance locations. This data, once
compiled, should provide an accurate listing of the various types of failures being
experienced  by  each  component  type.  This  information  could  then  be  used  to  provide  the 
FMEA  engineer  with  the  appropriate  failure  modes  to  consider  when  performing  the 
analysis. 

The  identification  of  the  appropriate  rates  of  occurrence  for  the  various  failure 
modes  of  high  usage  components  is  possible  but  may  not  be  achievable  within  a 
cost-benefit  ratio  which  is  attractive.  The  establishment  of  the  rates  of  occurrence  for 
each  identified  failure  mode  will  require  a  large  data  base.  The  data  base  required  may 
equal  or  exceed  in  size  the  data  base  used  to  establish  the  failure  rates  and  models  used 
in  MIL-HDBK-217. 

The  relative  frequency  of  occurrence  of  individual  component  failure  modes  needs 
to  be  identified  to  ensure  numerical  accuracy  for  criticality  analysis  at  the  piece-part 
level.  The  primary  use  of  the  data  is  to  identify  the  hazard  level  of  single  point, 
piece-part  failures  which  cannot  be  designed  out.  Correct  assessment  of  the  hazard 
level  requires  that  failure  mode  occurrence  rates  be  known  and  that  the  rates  accurately 
reflect  the  final  equipment  use  environment.  This  requires  that  the  relative  frequencies 
assigned  be  based  on  field  experience  instead  of  factory  data  unless  the  factory  data  can 
be  shown  to  have  a  one-to-one  correspondence  with  the  field  information.  The  majority 
of  factory  data  available  does  not  have  this  one-to-one  correspondence. 

The  available  factory  data  falls  into  several  categories.  Most  of  this  data  cannot 
be  used  to  determine  the  relative  failure  mode  occurrence  rate  with  the  accuracy 
desired.  Typical  failure  mode  data  available  includes: 

•  Component Manufacturers
      Initial lot rejection results
      Lot rejection results during any screening

•  Equipment Manufacturers
      Incoming inspection reject results
      Component screening reject results
      Failure information from equipment subassembly
      Failure information from equipment burn-in
      Failure information from final equipment acceptance tests
      Failure information from production reliability testing.


The  total  amount  of  component  failure  mode  data  which  could  be  derived  from 
these sources is potentially adequate to allow determination of the relative frequency of
each failure mode. But this will require a substantial expenditure of time and cost to
collect the data. Additionally, the data does not necessarily correlate well to the use
environment. The failure mode data gathered during the time frame up to and including
equipment burn-in is likely to be biased. The equipment and components are deliberately
subjected  to  environmental  screening  designed  to  detect  and  cause  prominent  potential 
failure  modes  to  occur  during  this  period.  This  results  in  failure  mode  information 
measuring  the  efficiency  of  the  screening  imposed  with  respect  to  a  given  component 
failure  mode  being  provided  rather  than  data  on  what  should  be  expected  from  fielded 
equipment.  This  data  is  probably  adequate  to  determine  which  failure  modes  are 
possible,  but  is  not  adequate  to  determine  their  appropriate  rates  of  occurrence. 

The  only  factory  data  which  can  be  expected  to  correlate  well  with  fielded 
equipment  is  the  data  collected  from  production  reliability  testing.  This  data,  while 
relevant  to  expected  field  data,  is  not  necessarily  sufficient  to  provide  the  large  data 
base  needed  to  determine  the  appropriate  rates  of  occurrence  accurately.  There  appears 
to  be  a  need  for  a  data  source,  based  on  large  numbers  of  deployed  equipment,  which 
provides  piece-part  failure  mode  data.  The  depot  maintenance  facilities  of  the  U.S. 
military  organizations  do  not  currently  provide  the  required  level  of  detail.  A  data 
collection  effort  started  at  the  U.S.  military  depot  maintenance  facilities  could, 
however,  provide  the  needed  data. 

The  collection  of  an  adequate  amount  of  data  would  allow  the  determination  of 
appropriate  rates  of  occurrence  for  the  various  failure  modes.  The  cost  would  probably 
be  prohibitively  high. 


8.1.2  COMPLEX  MICROCIRCUITS 

For piece-part FMEA, the appropriate failure modes and rates of occurrence for
complex microelectronic devices remain undetermined. The primary problem is that
the analyst is without guidance as to the failure modes which should be considered during
the analysis. The lack of such guidance effectively precludes meaningful analysis at the
piece-part level of circuitry employing complex microelectronic devices. This is not
necessarily a significant limitation to the value and accuracy of the analysis if all the
potential types of failure occurrences are identified and analyzed at a higher level of
hardware indenture. The performance of an FMEA analysis at a level of hardware
indenture above the piece-part level is somewhat more difficult to review for
thoroughness and accuracy, but the overall expense of the analysis should be somewhat
less than the cost of the same analysis at the piece-part level of indenture.

The  problems  inherent  in  identifying  and  categorizing  the  failure  modes  of  complex 
microelectronic  devices  are  discussed  in  Section  3.1.  These  difficulties  should  not 
preclude  periodic  efforts  to  obtain  data  on  the  failures  of  complex  microelectronic 
devices.  The  expanding  use  of  these  devices  in  an  ever  increasing  number  and  type  of 
products  may  eventually  allow  the  proper  failure  modes  to  be  established  in  a  meaningful 
way.  The  use  of  various  types  of  complex  microelectronic  devices  by  the  automotive 
industry  may  provide  a  data  base  which  is  adequately  large  for  the  purpose  of  identifying 
appropriate  failure  modes.  A  periodic  investigation  into  the  current  availability  of  data 
sources  should  be  considered. 

8.2  FMEA  TECHNIQUES 

The  advanced  matrix  FMEA  technique  provides  a  framework  for  performing  and 
recording  the  circuit  analysis  required  as  a  part  of  the  FMEA  process.  It  does  not, 
however,  resolve  two  technical  issues  which  are  potentially  important  with  respect  to 
the  performance  of  the  FMEA.  The  recommended  means  for  treating  complex 
microelectronic  device  based  circuitry  need  to  be  expanded  if  piece-part  analysis  of  such 
circuitry  is  to  be  considered  viable.  Additionally,  the  methods  to  be  used  in  assessing  the 
impact of software and/or firmware failures within the FMEA process need to be
investigated. 

The  development  of  techniques  to  assess  the  piece-part  failure  effects  within 
circuitry  employing  complex  microelectronic  devices  needs  to  be  pursued  if  piece-part 
level  analysis  is  to  be  valid.  The  initial  problem  is  that  the  failure  modes  of  these 
devices  are  not  defined.  Defining  and  categorizing  these  failure  modes  is  necessary  prior 
to  the  development  of  an  accurate  methodology  to  assess  their  failure  effects  within 
equipment.  The  recommended  study  effort  to  define  these  failure  modes  is  described  in 
Section  4.1.2.  Once  the  appropriate  failure  effects  have  been  determined,  the 
methodology  for  an  efficient  and  effective  analysis  of  these  failure  modes  needs  to  be 
developed. 


Modern  electronic  equipment  increasingly  utilizes  microprocessor-based  control. 
This  results  in  the  impact  of  any  failure  being  a  function  of  both  the  hardware  and  the 
software  design  and  implementation.  Therefore  the  problem  of  software  failure  may 
need  to  be  considered  as  a  part  of  the  FMEA.  The  techniques  necessary  to  allow 
software  FMEA  assessment  need  to  be  developed  if  FMEA  is  to  remain  a  valid  and 
valuable  tool  for  electronic  equipment.  There  is  a  need  for  extensive  work  in  the  area  of 
software/firmware failure analysis and the application of that analysis to the FMEA
process. 


8.3  FMEA  AUTOMATION 


This  study  has  concluded  that  the  standardization  and  automation  of  circuit 
analysis  for  FMEA  in  a  manner  similar  to  that  used  for  reliability  predictions  in 
MIL-HDBK-217 is not feasible. The lack of ability to provide this type of
standardization is expected to continue indefinitely. The validity of the study
conclusion, that the development of one integrated, comprehensive circuit analysis tool
for FMEA use is not feasible, may change as the availability of computer resources and
analysis tools evolves. The issue of developing a cost-saving circuit analysis tool which
is adequately fast and inexpensive should be investigated periodically as electronic and
computer  technologies  evolve. 